Bug #28252

SELinux denials when connecting to cockpit using REX

Added by Lukas Zapletal 12 months ago. Updated 11 months ago.


Description

Description of problem:
Accessing a remote host's cockpit through REX fails because of SELinux.

Relevant part of audit.log:

type=PROCTITLE msg=audit(11/08/2019 15:39:58.491:137) : proctitle=/usr/libexec/cockpit-ws --no-tls --address 127.0.0.1 --port 19090
type=SYSCALL msg=audit(11/08/2019 15:39:58.491:137) : arch=x86_64 syscall=execve success=no exit=EACCES a0=0x55bbcb1cd5d0 a1=0x7ffd922d5640 a2=0x55bbcb1e1a30 a3=0x7ffd922d4d60 items=0 ppid=759 pid=8965 auid=unset uid=foreman gid=foreman euid=foreman suid=foreman fsuid=foreman egid=foreman sgid=foreman fsgid=foreman tty=(none) ses=unset comm=cockpit-ws exe=/usr/libexec/cockpit-ws subj=system_u:system_r:cockpit_ws_t:s0 key=(null)
type=AVC msg=audit(11/08/2019 15:39:58.491:137) : avc: denied { execute } for pid=8965 comm=cockpit-ws name=foreman-cockpit-session dev="vda1" ino=2231612 scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
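
Added example, not part of the original report or of the foreman-selinux code: a short Python triage script that groups the audit records above by event serial number and pulls out the denied permission, the source domain and the target file type. The function names are hypothetical; the sample input is the excerpt quoted in this report.

```python
import re
from collections import defaultdict

# Input: the three records from the audit.log excerpt in this report.
SAMPLE = """\
type=PROCTITLE msg=audit(11/08/2019 15:39:58.491:137) : proctitle=/usr/libexec/cockpit-ws --no-tls --address 127.0.0.1 --port 19090
type=SYSCALL msg=audit(11/08/2019 15:39:58.491:137) : arch=x86_64 syscall=execve success=no exit=EACCES a0=0x55bbcb1cd5d0 a1=0x7ffd922d5640 a2=0x55bbcb1e1a30 a3=0x7ffd922d4d60 items=0 ppid=759 pid=8965 auid=unset uid=foreman gid=foreman euid=foreman suid=foreman fsuid=foreman egid=foreman sgid=foreman fsgid=foreman tty=(none) ses=unset comm=cockpit-ws exe=/usr/libexec/cockpit-ws subj=system_u:system_r:cockpit_ws_t:s0 key=(null)
type=AVC msg=audit(11/08/2019 15:39:58.491:137) : avc: denied { execute } for pid=8965 comm=cockpit-ws name=foreman-cockpit-session dev="vda1" ino=2231612 scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
"""

# Accepts both the interpreted header shown above and the raw "audit(epoch:serial):" form.
HEADER = re.compile(r"^type=(\w+) msg=audit\((.+?):(\d+)\)\s*:\s*(.*)$")
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group record bodies by serial; keeps the last record of each type per event."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            rtype, _timestamp, serial, body = m.groups()
            events[int(serial)][rtype] = body
    return events

def summarize_denials(text):
    """Return one dict per denied AVC, joined with the SYSCALL record of the same event."""
    out = []
    for serial, recs in sorted(parse_events(text).items()):
        m = AVC.search(recs.get("AVC", ""))
        if not m or m.group(1) != "denied":
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(m.group(3))}
        sc = dict(FIELD.findall(recs.get("SYSCALL", "")))
        out.append({
            "serial": serial,
            "perms": m.group(2).split(),
            "source_type": f["scontext"].split(":")[2],  # domain of the process
            "target_type": f["tcontext"].split(":")[2],  # label on the object
            "tclass": f["tclass"],
            "name": f.get("name"),
            "syscall": sc.get("syscall"),
            "exit": sc.get("exit"),
        })
    return out

if __name__ == "__main__":
    for denial in summarize_denials(SAMPLE):
        print(denial)
```

For the excerpt above this yields a single denial: cockpit_ws_t was refused execute on foreman-cockpit-session, a file labelled usr_t, during an execve that returned EACCES.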

Associated revisions

Revision b19486f2 (diff)
Added by Lukas Zapletal 11 months ago

Fixes #28252 - rules for foreman cockpit session

Revision 0928dd5b (diff)
Added by Lukas Zapletal 11 months ago

Refs #28252 - allow httpd_t to connect to cockpit session

History

#1 Updated by The Foreman Bot 11 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-selinux/pull/95 added

#2 Updated by The Foreman Bot 11 months ago

  • Fixed in Releases 2.0.0 added

#3 Updated by Anonymous 11 months ago

  • Status changed from Ready For Testing to Closed

#4 Updated by The Foreman Bot 11 months ago

  • Pull request https://github.com/theforeman/foreman-selinux/pull/96 added

#5 Updated by Tomer Brisker 11 months ago

  • Fixed in Releases 1.24.0 added
  • Fixed in Releases deleted (2.0.0)

#6 Updated by The Foreman Bot 11 months ago

  • Pull request https://github.com/theforeman/foreman-selinux/pull/97 added

#7 Updated by The Foreman Bot 11 months ago

  • Pull request https://github.com/theforeman/foreman-selinux/pull/98 added
