Project

General

Profile

Bug #5882

Allow foreman to reach dynflow

Added by Lukas Zapletal over 6 years ago. Updated over 2 years ago.

Status:
Rejected
Priority:
Urgent
Category:
Packaging
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

History

#1 Updated by Lukas Zapletal over 6 years ago

  • Status changed from Assigned to Ready For Testing

#2 Updated by Lukas Zapletal over 6 years ago

# tail -f /var/log/audit/audit.log | grep AVC
type=AVC msg=audit(1400258033.035:164): avc:  denied  { relabelto } for  pid=8510 comm="ruby" name="yaml" dev=dm-0 ino=537367 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1400258033.076:165): avc:  denied  { relabelto } for  pid=8510 comm="ruby" name="masterhttp.log" dev=dm-0 ino=536269 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_log_t:s0 tclass=file
type=AVC msg=audit(1400258033.337:166): avc:  denied  { relabelto } for  pid=8510 comm="ruby" name="ca_crt.pem" dev=dm-0 ino=536250 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file
type=AVC msg=audit(1400258050.395:167): avc:  denied  { write } for  pid=8914 comm="ruby" name="dynflow_socket" dev=dm-0 ino=282452 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:foreman_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1400258050.395:167): avc:  denied  { connectto } for  pid=8914 comm="ruby" path="/var/run/foreman/sockets/dynflow_socket" scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket

#3 Updated by Lukas Zapletal over 6 years ago

  • Status changed from Ready For Testing to Rejected

We need tasks policy really, testing that.

Also available in: Atom PDF