Actions
Bug #5882
closedAllow foreman to reach dynflow
Updated by Lukas Zapletal over 10 years ago
- Status changed from Assigned to Ready For Testing
Updated by Lukas Zapletal over 10 years ago
# tail -f /var/log/audit/audit.log | grep AVC type=AVC msg=audit(1400258033.035:164): avc: denied { relabelto } for pid=8510 comm="ruby" name="yaml" dev=dm-0 ino=537367 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=dir type=AVC msg=audit(1400258033.076:165): avc: denied { relabelto } for pid=8510 comm="ruby" name="masterhttp.log" dev=dm-0 ino=536269 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_log_t:s0 tclass=file type=AVC msg=audit(1400258033.337:166): avc: denied { relabelto } for pid=8510 comm="ruby" name="ca_crt.pem" dev=dm-0 ino=536250 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file type=AVC msg=audit(1400258050.395:167): avc: denied { write } for pid=8914 comm="ruby" name="dynflow_socket" dev=dm-0 ino=282452 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:foreman_var_run_t:s0 tclass=sock_file type=AVC msg=audit(1400258050.395:167): avc: denied { connectto } for pid=8914 comm="ruby" path="/var/run/foreman/sockets/dynflow_socket" scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
Updated by Lukas Zapletal over 10 years ago
- Status changed from Ready For Testing to Rejected
We need tasks policy really, testing that.
Actions