Project

Profile

Help

Issue #1352

closed

When pulp-server SElinux policy fails to install user is not notified

Added by cduryee over 6 years ago. Updated about 3 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2, SELinux
Sprint:
Quarter:

Description

When installing Pulp, sometimes the Pulp SELinux policies will fail to install due to the selinux-policy package not being as current as the one the package was built against. This fails silently at install time and later causes issues like these:

There was an internal server error while trying to access the Pulp application.
One possible cause is that the database needs to be migrated to the latest
version. If this is the case, run pulp-manage-db and restart the services. More
information may be found in Apache's log.

This appears to be caused by an selinux denial:

type=AVC msg=audit(1446667384.635:236): avc:  denied  { getattr } for  pid=1485 comm="httpd" path="/
srv/pulp/webservices.wsgi" dev="vda1" ino=387475 scontext=system_u:system_r:httpd_t:s0 tcontext=syst
em_u:object_r:var_t:s0 tclass=file permissive=0

I was able to log in after running "setenforce 0".

Also available in: Atom PDF