Project

General

Profile

Bug #13041

selinux context on /var/run/rubygem-passenger/passenger.*/generation-0/request issue after log rotation.

Added by Nicolas Di Gregorio over 3 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Category:
General Foreman
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Hi All,

After upgrading a working well foreman 1.6 to 1.10 on a selinux enabled Red Hat 6.5 I encountered the following issue: at end of log rotation, httpd is reload and the socket /var/run/rubygem-passenger/passenger.xxxxx/generation-0/request is reniewed and get the wrong selinux context "var_run_t" instead of "passenger_var_run_t".

This can be spotted in the httpd error_log by the following message:

[ 2016-01-04 02:21:52.8778 42240/7fcf5067c7e0 apache2/Hooks.cpp:772 ]: Unexpected error in mod_passenger: Cannot connect to Unix socket '/var/run/rubygem-passenger/passenger.1.0.43973/generation-0/request': Permission denied (errno=13)
  Backtrace:
     in 'Passenger::FileDescriptor Hooks::connectToHelperAgent()' (Hooks.cpp:248)
     in 'int Hooks::handleRequest(request_rec*)' (Hooks.cpp:532)

After adding a context rules, the issue is solved.

[root@xxxx ~]# semanage fcontext -a -t passenger_var_run_t "/var/run/rubygem-passenger(.*)?" 
[root@xxxx ~]# restorecon -Rv /var/run/
restorecon reset /var/run/rubygem-passenger context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878 context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0 context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/logging_admin context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/admin-manipulation-password.txt context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/structure_version.txt context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/helper_admin context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/request context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/buffered_uploads context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/passenger-status-password.txt context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/web_server.txt context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/spawn-server context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/logging context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/config_files.txt context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/backends context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/backends/ruby.9YVZAep5G3Z0I83Hi68LGGcqi context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0


Related issues

Related to Packaging - Bug #8392: passenger-status broken on EL7Closed2014-11-13

Associated revisions

Revision 86fa6e79 (diff)
Added by Lukas Zapletal over 3 years ago

Fixes #13041 - passenger var context fix

History

#1 Updated by Dominic Cleal over 3 years ago

  • Related to Bug #8392: passenger-status broken on EL7 added

#2 Updated by The Foreman Bot over 3 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Lukas Zapletal
  • Pull request https://github.com/theforeman/foreman-selinux/pull/55 added

#3 Updated by Dominic Cleal over 3 years ago

  • Category set to General Foreman
  • Legacy Backlogs Release (now unused) set to 123

#4 Updated by Anonymous over 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF