Project

General

Profile

Actions

Bug #14863

closed

Passenger upgrade to passenger.x86_64 0:4.0.53-4.el7 breaks foreman

Added by Dylan Baars almost 8 years ago. Updated almost 8 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

After updating my system (katello 3.0RC4 instance) trying to browse to the web interface of foreman gives a "Web application could not be started". There are SELinux warnings in /var/log/messages

Apr 28 13:57:13 wellkatellodev.niwa.local python: SELinux is preventing /opt/rh/rh-ruby22/root/usr/bin/ruby from write access on the directory /usr/share/foreman/tmp/cache/.#012#012***** Plugin catchall (100. confidence) suggests ******************#012#012If you believe that ruby should be allowed write access on the directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep ruby /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012

Apr 28 13:52:12 wellkatellodev.niwa.local python: SELinux is preventing /usr/libexec/passenger/PassengerHelperAgent from using the sys_ptrace capability.#012#012***** Plugin catchall (100. confidence) suggests ******************#012#012If you believe that PassengerHelperAgent should have the sys_ptrace capability by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep PassengerHelper /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012

Turning selinux off (setenforce 0) makes things start to work again

Trying to create a local policy module gives this for the ruby errors

[root@wellkatellodev audit]# grep ruby /var/log/audit/audit.log | audit2allow -M allowruby
Nothing to do

The yum update that caused this is below:

Apr 28 13:39:59 Updated: nspr-4.11.0-1.el7_2.x86_64
Apr 28 13:39:59 Updated: nss-util-3.21.0-2.2.el7_2.x86_64
Apr 28 13:39:59 Updated: nss-softokn-freebl-3.16.2.3-14.2.el7_2.x86_64
Apr 28 13:39:59 Updated: nss-softokn-3.16.2.3-14.2.el7_2.x86_64
Apr 28 13:40:00 Updated: nss-sysinit-3.21.0-9.el7_2.x86_64
Apr 28 13:40:00 Updated: nss-3.21.0-9.el7_2.x86_64
Apr 28 13:40:00 Installed: rubygem-daemon_controller-1.1.2-2.el7.noarch
Apr 28 13:40:00 Installed: libeio-4.19-4.el7.x86_64
Apr 28 13:40:00 Installed: libev-4.15-6.el7.x86_64
Apr 28 13:40:02 Installed: passenger-4.0.53-4.el7.x86_64
Apr 28 13:40:02 Updated: mod_passenger-4.0.53-4.el7.x86_64
Apr 28 13:40:02 Updated: nss-tools-3.21.0-9.el7_2.x86_64
Apr 28 13:40:03 Erased: rubygem-passenger-native-4.0.18-9.10.el7.x86_64
Apr 28 13:40:03 Erased: rubygem-passenger-native-libs-4.0.18-9.10.el7.x86_64
Apr 28 13:40:03 Erased: rubygem-passenger-4.0.18-9.10.el7.x86_64


Related issues 1 (0 open1 closed)

Is duplicate of SELinux - Bug #14811: Passenger paths changed once again (RHEL7)ClosedLukas Zapletal04/26/2016Actions
Actions #1

Updated by Dominic Cleal almost 8 years ago

  • Is duplicate of Bug #14811: Passenger paths changed once again (RHEL7) added
Actions #2

Updated by Dominic Cleal almost 8 years ago

  • Status changed from New to Duplicate

Thanks for the report, a fix is being developed under ticket #14811.

Actions

Also available in: Atom PDF