Project

Profile

Help

Actions
Send by e-mail Copy link

Issue #1756

closed

pulp_streamer service fails to start with SELinux errors on RHEL6

Added by lpramuk over 8 years ago. Updated over 5 years ago.

Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Master
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

pulp_streamer service fails to start with SELinux errors on RHEL6

# service pulp_streamer start
/etc/init.d/pulp_streamer: line 44: write_log_message: command not found
Starting pulp_streamer...
Traceback (most recent call last):
  File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 694, in run
    runApp(config)
  File "/usr/lib64/python2.6/site-packages/twisted/scripts/twistd.py", line 23, in runApp
    _SomeApplicationRunner(config).run()
  File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 411, in run
    self.application = self.createOrGetApplication()
  File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 494, in createOrGetApplication
    application = getApplication(self.config, passphrase)
--- <exception caught here> ---
  File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 505, in getApplication
    application = service.loadApplication(filename, style, passphrase)
  File "/usr/lib64/python2.6/site-packages/twisted/application/service.py", line 390, in loadApplication
    application = sob.loadValueFromFile(filename, 'application', passphrase)
  File "/usr/lib64/python2.6/site-packages/twisted/persisted/sob.py", line 215, in loadValueFromFile
    exec fileObj in d, d
  File "/usr/share/pulp/wsgi/streamer.tac", line 13, in <module>
    from pulp.streamer import Streamer, load_configuration, DEFAULT_CONFIG_FILES
  File "/usr/lib/python2.6/site-packages/pulp/streamer/__init__.py", line 2, in <module>
    from pulp.streamer.server import Streamer, Responder, StreamerListener  # noqa
  File "/usr/lib/python2.6/site-packages/pulp/streamer/server.py", line 13, in <module>
    from pulp.plugins.loader import api as plugins_api
  File "/usr/lib/python2.6/site-packages/pulp/plugins/loader/api.py", line 7, in <module>
    from pulp.plugins.loader.manager import PluginManager
  File "/usr/lib/python2.6/site-packages/pulp/plugins/loader/manager.py", line 9, in <module>
    from pulp.server.db.model import ContentUnit
  File "/usr/lib/python2.6/site-packages/pulp/server/db/model/__init__.py", line 29, in <module>
    from pulp.server.webservices.views import serializers
  File "/usr/lib/python2.6/site-packages/pulp/server/webservices/views/serializers/__init__.py", line 4, in <module>
    from django.core.urlresolvers import reverse
  File "/usr/lib/python2.6/site-packages/django/core/urlresolvers.py", line 15, in <module>
    from django.http import Http404
  File "/usr/lib/python2.6/site-packages/django/http/__init__.py", line 4, in <module>
    from django.http.response import (HttpResponse, StreamingHttpResponse,
  File "/usr/lib/python2.6/site-packages/django/http/response.py", line 13, in <module>
    from django.utils import six, timezone
  File "/usr/lib/python2.6/site-packages/django/utils/timezone.py", line 13, in <module>
    import pytz
  File "/usr/lib/python2.6/site-packages/pytz/__init__.py", line 466, in <module>
    for l in open(os.path.join(_tzinfo_dir, "zone.tab"))
exceptions.IOError: [Errno 13] Permission denied: '/usr/share/zoneinfo/zone.tab'

Failed to load application: [Errno 13] Permission denied: '/usr/share/zoneinfo/zone.tab'

OK

Behind [Errno 13] Permission denied are SELinux denials:

# sudo audit2allow -a

#============= streamer_t ==============
allow streamer_t locale_t:dir { read search open getattr };
allow streamer_t locale_t:file { read getattr open };
#!!!! The source type 'streamer_t' can write to a 'dir' of the following types:
# mnt_t, root_t, cluster_conf_t, cluster_var_lib_t, cluster_var_run_t

allow streamer_t pulp_var_run_t:dir { write remove_name search add_name };
#!!!! The source type 'streamer_t' can write to a 'file' of the following types:
# mnt_t, root_t, cluster_conf_t, cluster_var_lib_t, cluster_var_run_t

allow streamer_t pulp_var_run_t:file { write create unlink open getattr };

Related issues

Is duplicate of Pulp - Issue #1711: The pulp_streamer service fails to start with SELinux errorsCLOSED - CURRENTRELEASErbarlowActions
Actions
Copy link
 #1

Updated by rbarlow over 8 years ago

I think this is a duplicate of https://pulp.plan.io/issues/1711. Have you tried with our most recent beta (0.8 I think)?

Actions
Copy link
 #3

Updated by bmbouter over 8 years ago

I also think this is a duplicate.

Actions
Copy link
 #4

Updated by lpramuk over 8 years ago

I dont think it s a duplicate
#1711 is about accessing urandom
#1756 (this) is about accessing locale on rhel6

By recent beta you mean what?
I hit this issue with python-pulp-streamer-2.8.0.0-0.5.beta.el6sat.noarch

Actions
Copy link
 #5

Updated by lpramuk over 8 years ago

I see beta of python-selinux
I'll try it

Actions
Copy link
 #6

Updated by lpramuk over 8 years ago

I agree on duplicate, I missed somehow the line ' miscfiles_read_localization(streamer_t)' in PR#2457
Tested pulp-selinux-2.8.0-0.8.beta.el6.noarch.rpm without any selinux denials

Actions
Copy link
 #7

Updated by bmbouter over 8 years ago

  • Status changed from NEW to CLOSED - DUPLICATE
  • Triaged changed from No to Yes

Thanks lpramuk!

Actions
Copy link
 #8

Updated by bmbouter over 8 years ago

  • Is duplicate of Issue #1711: The pulp_streamer service fails to start with SELinux errors added
Actions
Copy link
 #10

Updated by bmbouter over 5 years ago

  • Tags Pulp 2 added
Actions
Send by e-mail Copy link

Also available in: Atom PDF