Actions
Issue #1756
closedpulp_streamer service fails to start with SELinux errors on RHEL6
Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Master
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Description
pulp_streamer service fails to start with SELinux errors on RHEL6
# service pulp_streamer start
/etc/init.d/pulp_streamer: line 44: write_log_message: command not found
Starting pulp_streamer...
Traceback (most recent call last):
File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 694, in run
runApp(config)
File "/usr/lib64/python2.6/site-packages/twisted/scripts/twistd.py", line 23, in runApp
_SomeApplicationRunner(config).run()
File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 411, in run
self.application = self.createOrGetApplication()
File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 494, in createOrGetApplication
application = getApplication(self.config, passphrase)
--- <exception caught here> ---
File "/usr/lib64/python2.6/site-packages/twisted/application/app.py", line 505, in getApplication
application = service.loadApplication(filename, style, passphrase)
File "/usr/lib64/python2.6/site-packages/twisted/application/service.py", line 390, in loadApplication
application = sob.loadValueFromFile(filename, 'application', passphrase)
File "/usr/lib64/python2.6/site-packages/twisted/persisted/sob.py", line 215, in loadValueFromFile
exec fileObj in d, d
File "/usr/share/pulp/wsgi/streamer.tac", line 13, in <module>
from pulp.streamer import Streamer, load_configuration, DEFAULT_CONFIG_FILES
File "/usr/lib/python2.6/site-packages/pulp/streamer/__init__.py", line 2, in <module>
from pulp.streamer.server import Streamer, Responder, StreamerListener # noqa
File "/usr/lib/python2.6/site-packages/pulp/streamer/server.py", line 13, in <module>
from pulp.plugins.loader import api as plugins_api
File "/usr/lib/python2.6/site-packages/pulp/plugins/loader/api.py", line 7, in <module>
from pulp.plugins.loader.manager import PluginManager
File "/usr/lib/python2.6/site-packages/pulp/plugins/loader/manager.py", line 9, in <module>
from pulp.server.db.model import ContentUnit
File "/usr/lib/python2.6/site-packages/pulp/server/db/model/__init__.py", line 29, in <module>
from pulp.server.webservices.views import serializers
File "/usr/lib/python2.6/site-packages/pulp/server/webservices/views/serializers/__init__.py", line 4, in <module>
from django.core.urlresolvers import reverse
File "/usr/lib/python2.6/site-packages/django/core/urlresolvers.py", line 15, in <module>
from django.http import Http404
File "/usr/lib/python2.6/site-packages/django/http/__init__.py", line 4, in <module>
from django.http.response import (HttpResponse, StreamingHttpResponse,
File "/usr/lib/python2.6/site-packages/django/http/response.py", line 13, in <module>
from django.utils import six, timezone
File "/usr/lib/python2.6/site-packages/django/utils/timezone.py", line 13, in <module>
import pytz
File "/usr/lib/python2.6/site-packages/pytz/__init__.py", line 466, in <module>
for l in open(os.path.join(_tzinfo_dir, "zone.tab"))
exceptions.IOError: [Errno 13] Permission denied: '/usr/share/zoneinfo/zone.tab'
Failed to load application: [Errno 13] Permission denied: '/usr/share/zoneinfo/zone.tab'
OK
Behind [Errno 13] Permission denied are SELinux denials:
# sudo audit2allow -a
#============= streamer_t ==============
allow streamer_t locale_t:dir { read search open getattr };
allow streamer_t locale_t:file { read getattr open };
#!!!! The source type 'streamer_t' can write to a 'dir' of the following types:
# mnt_t, root_t, cluster_conf_t, cluster_var_lib_t, cluster_var_run_t
allow streamer_t pulp_var_run_t:dir { write remove_name search add_name };
#!!!! The source type 'streamer_t' can write to a 'file' of the following types:
# mnt_t, root_t, cluster_conf_t, cluster_var_lib_t, cluster_var_run_t
allow streamer_t pulp_var_run_t:file { write create unlink open getattr };
Related issues
Actions