Project

General

Profile

Actions
Copy link

Bug #38987

closed

SELinux prevents foreman_kubevirt from connecting to the OpenShift API

Added by Evgeni Golov 3 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Evgeni Golov
Category:
Plugins
Target version:
Foreman - 3.18.0
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman-selinux/pull/184
Fixed in Releases:
Foreman - 3.18.0
Found in Releases:
Red Hat JIRA:
SAT-36378

Description

time->Mon Jan 12 02:50:08 2026
type=PROCTITLE msg=audit(1768204208.402:9168): proctitle=70756D613A20636C757374657220776F726B657220383A203739393030205B666F72656D616E5D
type=SYSCALL msg=audit(1768204208.402:9168): arch=c000003e syscall=42 success=no exit=-13 a0=1f a1=560db1638300 a2=10 a3=560d9c0d6080 items=0 ppid=79900 pid=80110 auid=4294967295 uid=993 gid=992 euid=993 suid=993 fsuid=993 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=70756D612073727620747020303034 exe="/usr/bin/ruby" subj=system_u:system_r:foreman_rails_t:s0 key=(null)
type=AVC msg=audit(1768204208.402:9168): avc:  denied  { name_connect } for  pid=80110 comm=70756D612073727620747020303034 dest=6443 scontext=system_u:system_r:foreman_rails_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0

OpenShift uses port 6443 for its API, and we do not allow to connect there by default

Actions
Copy link
 #1

Updated by The Foreman Bot 3 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-selinux/pull/184 added
Actions
Copy link
 #2

Updated by Evgeni Golov 3 months ago

  • Red Hat JIRA set to SAT-36378
Actions
Copy link
 #3

Updated by The Foreman Bot 3 months ago

  • Fixed in Releases 3.18.0 added
Actions
Copy link
 #4

Updated by Evgeni Golov 3 months ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link

Also available in: Atom PDF