Issue #1904

closed

New SELinux Denials on Fedora 22

Added by semyers over 8 years ago. Updated over 5 years ago.

Status: CLOSED - WONTFIX
Priority: Normal
Assignee:
Category: -
Sprint/Milestone: -
Start date:
Due date:
Estimated time:
Severity: 3. High
Version:
Platform Release: 2.8.3
OS: Fedora 22
Triaged: Yes
Groomed: No
Sprint Candidate: No
Tags: Pulp 2, SELinux
Sprint:
Quarter:

Description

Squid isn't starting on our Fedora 22 pulp-smash install due to SELinux denials. :(

# grep -a squid /var/log/audit/audit.log | audit2allow

#============= squid_t ==============
allow squid_t squid_exec_t:file execmod;
allow squid_t tmpfs_t:file { read write getattr open };
type=AVC msg=audit(1462897205.699:918): avc:  denied  { execmod } for  pid=3701 comm="squid" path="/usr/sbin/squid" dev="vda1" ino=18220 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:squid_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:919): avc:  denied  { read write } for  pid=3701 comm="squid" name="squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:920): avc:  denied  { open } for  pid=3701 comm="squid" path="/dev/shm/squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:921): avc:  denied  { getattr } for  pid=3701 comm="squid" path="/dev/shm/squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1

I can't tell if these failures are related to our config, or if squid itself has had a regression in Fedora 22.
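Added example, not part of the original report and not Pulp or audit2allow code: a small parser that groups the four AVC records quoted above into allow rules the way the audit2allow summary does, and also records which paths each rule covers and whether any record was enforced (permissive=0). The function names are this example's own.

```python
import re
from collections import defaultdict

# The four AVC records from the report above, copied verbatim.
SAMPLE = """\
type=AVC msg=audit(1462897205.699:918): avc:  denied  { execmod } for  pid=3701 comm="squid" path="/usr/sbin/squid" dev="vda1" ino=18220 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:squid_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:919): avc:  denied  { read write } for  pid=3701 comm="squid" name="squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:920): avc:  denied  { open } for  pid=3701 comm="squid" path="/dev/shm/squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:921): avc:  denied  { getattr } for  pid=3701 comm="squid" path="/dev/shm/squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
"""

DENIED = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one denial as a dict, or None if the line is not an AVC denial."""
    m = DENIED.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD.findall(m.group(2))}
    return {
        "perms": set(m.group(1).split()),
        "source": f["scontext"].split(":")[2],  # SELinux type is the 3rd context field
        "target": f["tcontext"].split(":")[2],
        "tclass": f["tclass"],
        "path": f.get("path") or f.get("name"),
        # permissive=1 means the access was logged but not blocked.
        # A record without the field is treated here as not enforced.
        "enforced": f.get("permissive") == "0",
    }

def summarize(text):
    """Group denials by (source type, target type, object class)."""
    rules = defaultdict(lambda: {"perms": set(), "paths": set(), "enforced": False})
    for rec in filter(None, map(parse_avc, text.splitlines())):
        r = rules[(rec["source"], rec["target"], rec["tclass"])]
        r["perms"] |= rec["perms"]
        r["paths"].add(rec["path"])
        r["enforced"] |= rec["enforced"]
    return dict(rules)

def allow_rules(text):
    """Render the grouped denials as policy 'allow' lines, permissions sorted."""
    out = []
    for (src, tgt, cls), r in sorted(summarize(text).items()):
        perms = sorted(r["perms"])
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        out.append(f"allow {src} {tgt}:{cls} {body};")
    return out

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE)))
```

Permissions are printed in sorted order, so the tmpfs_t rule lists the same four permissions as the audit2allow output above in a different order.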
