Issue #1711: The pulp_streamer service fails to start with SELinux errors - Pulp

Actions

Send by e-mail Copy link

Issue #1711

closed

The pulp_streamer service fails to start with SELinux errors

Added by jcline@redhat.com about 8 years ago. Updated about 5 years ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

Normal

Assignee:

rbarlow

Category:

Sprint/Milestone:

Start date:

Due date:

Estimated time:

Severity:

2. Medium

Version:

Master

Platform Release:

2.8.0

OS:

Triaged:

Yes

Groomed:

Sprint Candidate:

Tags:

Pulp 2

Sprint:

Quarter:

Description

The pulp streamer fails to start during our Jenkies test runs on Fedora 22.

[jenkins@f22-vanilla-np-qeos-76048 ~]$ sudo journalctl -u pulp_streamer
-- Logs begin at Sun 2015-12-20 02:15:13 UTC, end at Tue 2016-02-23 19:54:51 UTC. --
Feb 23 19:18:57 f22-vanilla-np-qeos-76048 systemd[1]: Started The Pulp lazy content loading streamer.
Feb 23 19:18:57 f22-vanilla-np-qeos-76048 systemd[1]: Starting The Pulp lazy content loading streamer...
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: Unhandled Error
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: Traceback (most recent call last):
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 642, in run
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: runApp(config)
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/site-packages/twisted/scripts/twistd.py", line 23, in runApp
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: _SomeApplicationRunner(config).run()
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 376, in run
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: self.application = self.createOrGetApplication()
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 441, in createOrGetApplication
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: application = getApplication(self.config, passphrase)
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: --- <exception caught here> ---
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 452, in getApplication
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: application = service.loadApplication(filename, style, passphrase)
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/site-packages/twisted/application/service.py", line 403, in loadApplication
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: application = sob.loadValueFromFile(filename, 'application', passphrase)
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: exec fileObj in d, d
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/share/pulp/wsgi/streamer.tac", line 10, in <module>
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: from pulp.server.logs import CompliantSysLogHandler
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib/python2.7/site-packages/pulp/server/logs.py", line 10, in <module>
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: from celery.signals import setup_logging
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib/python2.7/site-packages/celery/signals.py", line 16, in <module>
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: from .utils.dispatch import Signal
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib/python2.7/site-packages/celery/utils/__init__.py", line 27, in <module>
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: from celery.exceptions import CPendingDeprecationWarning, CDeprecationWarning
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib/python2.7/site-packages/celery/exceptions.py", line 15, in <module>
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: from billiard.exceptions import (  # noqa
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/site-packages/billiard/__init__.py", line 51, in <module>
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: from .exceptions import (  # noqa
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/site-packages/billiard/exceptions.py", line 4, in <module>
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: from multiprocessing import (
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/multiprocessing/__init__.py", line 64, in <module>
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: from multiprocessing.process import Process, current_process, active_children
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/multiprocessing/process.py", line 312, in <module>
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: _current_process = _MainProcess()
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: File "/usr/lib64/python2.7/multiprocessing/process.py", line 309, in __init__
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: self._authkey = AuthenticationString(os.urandom(32))
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: exceptions.NotImplementedError: /dev/urandom (or equivalent) not found
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 pulp_streamer[14082]: Failed to load application: /dev/urandom (or equivalent) not found
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 systemd[1]: pulp_streamer.service: main process exited, code=exited, status=1/FAILURE
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 systemd[1]: Unit pulp_streamer.service entered failed state.
Feb 23 19:18:59 f22-vanilla-np-qeos-76048 systemd[1]: pulp_streamer.service failed.
[jenkins@f22-vanilla-np-qeos-76048 ~]$

This occurs because of an SELinux denial to the random source

[jenkins@f22-vanilla-np-qeos-76048 ~]$ sudo audit2allow -a

#============= dmidecode_t ==============

#!!!! This avc can be allowed using the boolean 'global_ssp'
allow dmidecode_t urandom_device_t:chr_file read;

#============= streamer_t ==============

#!!!! This avc can be allowed using the boolean 'authlogin_nsswitch_use_ldap'
allow streamer_t random_device_t:chr_file read;

#!!!! This avc can be allowed using one of the these booleans:
#     authlogin_nsswitch_use_ldap, global_ssp
allow streamer_t urandom_device_t:chr_file read;
[jenkins@f22-vanilla-np-qeos-76048 ~]$

Related issues

Actions

Send by e-mail Copy link

Also available in: Atom PDF

Project

Profile

Help

Pulp

Agile boards

Custom queries

Issue #1711

The pulp_streamer service fails to start with SELinux errors

Updated by rbarlow about 8 years ago

Updated by rbarlow about 8 years ago

Added by rbarlow about 8 years ago

Added by rbarlow about 8 years ago

Updated by rbarlow about 8 years ago

Updated by rbarlow about 8 years ago

Updated by dkliban@redhat.com about 8 years ago

Updated by bmbouter about 8 years ago

Updated by dkliban@redhat.com about 8 years ago

Updated by bmbouter about 5 years ago