Project

General

Profile

Actions

Bug #18409

closed

foreman-proxy does not start in 1.14 with SELinux activated

Added by Yvan Broccard almost 8 years ago. Updated over 5 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Smart proxy
Target version:
-
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

Since upgraded foreman + foreman-proxy from 1.13 to 1.14, the foreman-proxy does not start anymore when SELinux is enabled. It reports an error with DHCP

The foreman-proxy log says :
I, [2017-02-06T16:32:50.931097 ] INFO -- : Successfully initialized 'foreman_proxy'
I, [2017-02-06T16:32:50.931428 ] INFO -- : Successfully initialized 'dns_nsupdate'
I, [2017-02-06T16:32:50.931480 ] INFO -- : Successfully initialized 'dns'
I, [2017-02-06T16:32:50.931520 ] INFO -- : Successfully initialized 'tftp'
E, [2017-02-06T16:32:50.960539 ] ERROR -- : Couldn't enable 'dhcp_isc': ��p$

The SELinux audit log reports that :
audit2allow < /var/log/audit/audit.log

#============= foreman_proxy_t ==============
allow foreman_proxy_t self:process execmem;

#============= logrotate_t ==============
allow logrotate_t systemd_unit_file_t:service stop;

#============= websockify_t ==============
allow websockify_t cert_t:file { getattr open read };


Files

avc.txt avc.txt 17.7 KB Yvan Broccard, 02/08/2017 05:18 AM

Related issues 1 (0 open1 closed)

Related to SELinux - Bug #16273: SELinux Preventing Foreman Proxy From StartingClosedLukas ZapletalActions
Actions #1

Updated by Yvan Broccard almost 8 years ago

This could be found as well in the log :

E, [2017-02-06T16:32:50.960539 ] ERROR -- : Couldn't enable 'dhcp_isc': P<FC><85>p$?
E, [2017-02-06T16:32:50.960710 ] ERROR -- : Error during startup, terminating. Dependency 'leases_observer' is undefined

Actions #2

Updated by Dominic Cleal almost 8 years ago

  • Project changed from Foreman to SELinux
  • Category changed from 56 to Smart proxy

If you have a copy of the original AVCs (rather than policy), it'd be appreciated.

Actions #3

Updated by Yvan Broccard almost 8 years ago

Here is the AVC errors caught in the audit.log, with 3 lines context around.

Cheers

Actions #4

Updated by Lukas Zapletal over 5 years ago

  • Status changed from New to Duplicate
  • Triaged changed from No to Yes

Dupe of #16273 we are going to fix this now.

Actions #5

Updated by Lukas Zapletal over 5 years ago

  • Related to Bug #16273: SELinux Preventing Foreman Proxy From Starting added
Actions

Also available in: Atom PDF