Project

General

Profile

Bug #14818

Foreman 1.11/Katello 3 RC3 fails with Selinux enabled

Added by Andreas Pfaffeneder about 6 years ago. Updated almost 4 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

/var/log/audit

type=SYSCALL msg=audit(1461678228.697:602): arch=c000003e syscall=83 success=no exit=-13 a0=8554170 a1=1ff a2=1 a3=1 items=0 ppid=23280 pid=23281 auid=4294967295 uid=992 gid=989 euid=992 suid=992 fsuid=992 egid=989 sgid=989 fsgid=989 tty=(none) ses=4294967295 comm="ruby" exe="/opt/rh/rh-ruby22/root/usr/bin/ruby" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.587:603): avc: denied { write } for pid=23281 comm="ruby" name="cache" dev="tmpfs" ino=115299 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:foreman_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1461678229.587:603): arch=c000003e syscall=2 success=no exit=-13 a0=8289e90 a1=800c2 a2=180 a3=d items=0 ppid=23280 pid=23281 auid=4294967295 uid=992 gid=989 euid=992 suid=992 fsuid=992 egid=989 sgid=989 fsgid=989 tty=(none) ses=4294967295 comm="ruby" exe="/opt/rh/rh-ruby22/root/usr/bin/ruby" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.803:604): avc: denied { fowner } for pid=23295 comm="chmod" capability=3 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1461678229.803:604): arch=c000003e syscall=268 success=no exit=-1 a0=ffffffffffffff9c a1=1c6f120 a2=1c0 a3=7fffbffc2860 items=0 ppid=21138 pid=23295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chmod" exe="/usr/bin/chmod" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.803:605): avc: denied { fowner } for pid=23295 comm="chmod" capability=3 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1461678229.803:605): arch=c000003e syscall=268 success=no exit=-1 a0=4 a1=1c70598 a2=1e4 a3=2b items=0 ppid=21138 pid=23295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chmod" exe="/usr/bin/chmod" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.803:606): avc: denied { fowner } for pid=23295 comm="chmod" capability=3 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1461678229.803:606): arch=c000003e syscall=268 success=no exit=-1 a0=4 a1=1c78728 a2=1e4 a3=2b items=0 ppid=21138 pid=23295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chmod" exe="/usr/bin/chmod" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.803:607): avc: denied { fowner } for pid=23295 comm="chmod" capability=3 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1461678229.803:607): arch=c000003e syscall=268 success=no exit=-1 a0=4 a1=1c78858 a2=1e4 a3=2b items=0 ppid=21138 pid=23295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chmod" exe="/usr/bin/chmod" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.803:608): avc: denied { fowner } for pid=23295 comm="chmod" capability=3 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1461678229.803:608): arch=c000003e syscall=268 success=no exit=-1 a0=4 a1=1c78978 a2=1e4 a3=2b items=0 ppid=21138 pid=23295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chmod" exe="/usr/bin/chmod" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.803:609): avc: denied { fowner } for pid=23295 comm="chmod" capability=3 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1461678229.803:609): arch=c000003e syscall=268 success=no exit=-1 a0=4 a1=1c78aa8 a2=1e4 a3=2b items=0 ppid=21138 pid=23295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chmod" exe="/usr/bin/chmod" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.803:610): avc: denied { fowner } for pid=23295 comm="chmod" capability=3 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1461678229.803:610): arch=c000003e syscall=268 success=no exit=-1 a0=4 a1=1c78bd8 a2=1e4 a3=2b items=0 ppid=21138 pid=23295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chmod" exe="/usr/bin/chmod" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.803:611): avc: denied { fowner } for pid=23295 comm="chmod" capability=3 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1461678229.803:611): arch=c000003e syscall=268 success=no exit=-1 a0=4 a1=1c78d08 a2=1e4 a3=2b items=0 ppid=21138 pid=23295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chmod" exe="/usr/bin/chmod" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.803:612): avc: denied { fowner } for pid=23295 comm="chmod" capability=3 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1461678229.803:612): arch=c000003e syscall=268 success=no exit=-1 a0=4 a1=1c78e38 a2=1e4 a3=2b items=0 ppid=21138 pid=23295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chmod" exe="/usr/bin/chmod" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.803:613): avc: denied { fowner } for pid=23295 comm="chmod" capability=3 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1461678229.803:613): arch=c000003e syscall=268 success=no exit=-1 a0=4 a1=1c78f58 a2=1e4 a3=2b items=0 ppid=21138 pid=23295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chmod" exe="/usr/bin/chmod" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1461678229.811:614): avc: denied { block_suspend } for pid=21148 comm="PassengerHelper" capability=36 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability2
type=SYSCALL msg=audit(1461678229.811:614): arch=c000003e syscall=233 success=yes exit=0 a0=9 a1=2 a2=30000001b a3=12bb450 items=0 ppid=21135 pid=21148 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="PassengerHelper" exe="/usr/libexec/passenger/PassengerHelperAgent" subj=system_u:system_r:httpd_t:s0 key=(null)

Website after install:
Permission denied @ rb_sysopen - /usr/share/foreman/tmp/cache/websockets_ssl_key20160426-23053-1yvu6pw (Errno::EACCES)


Related issues

Is duplicate of SELinux - Bug #14811: Passenger paths changed once again (RHEL7)Closed2016-04-26

History

#1 Updated by Andreas Pfaffeneder about 6 years ago

Centos 7 with updates until April 26th.

#2 Updated by Anonymous about 6 years ago

plase check if this is a duplicate of #14811

#3 Updated by Eric Helms about 6 years ago

  • Is duplicate of Bug #14811: Passenger paths changed once again (RHEL7) added

#4 Updated by Eric Helms about 6 years ago

  • Status changed from New to Duplicate

#5 Updated by Eric Helms almost 6 years ago

  • Legacy Backlogs Release (now unused) set to 166

Also available in: Atom PDF