Actions
Feature #22317
closed
Introduce websockify_can_connect_all boolean for non-VNC connections
Description
On a fresh all-in-one installation of foreman with foreman-installer --scenario katello on Centos 7 I can't get the noVNC console to work.
When trying to connect to the console I get the following in audit.log
type=AVC msg=audit(1516297409.070:335): avc: denied { name_connect } for pid=1728 comm="websockify.py" dest=39124 scontext=system_u:system_r:websockify_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1516297409.070:335): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=7ffc006407d0 a2=10 a3=1 items=0 ppid=1720 pid=1728 auid=4294967295 uid=993 gid=990 euid=993 suid=993 fsuid=993 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm="websockify.py" exe="/usr/bin/python2.7" subj=system_u:system_r:websockify_t:s0 key=(null)
I have successfully installed the server certificate and disabling SELinux (setenforce 0) will make the console work. However I can't get it to work with SELinux enabled, even with foreman-selinux and katello-selinux packages installed.
Server is Centos 7.4
Foreman 1.16.0
Katello 3.5.0
Foreman-selinux 1.16.0
Katello-selinux 3.0.2
Updated by Lukas Zapletal over 7 years ago
- Tracker changed from Bug to Feature
- Subject changed from SELinux denies websockify on Centos 7 to Introduce websockify_can_connect_all boolean for non-VNC connections
Updated by
Updated by The Foreman Bot over 7 years ago
- Status changed from New to Ready For Testing
- Assignee set to Lukas Zapletal
- Pull request https://github.com/theforeman/foreman-selinux/pull/77 added
Updated by Anonymous almost 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Actions