Issue #1904
closed
New SELinux Denials on Fedora 22
Severity: 3. High
Platform Release: 2.8.3
OS: Fedora 22
Triaged: Yes
Groomed: No
Sprint Candidate: No
Tags: Pulp 2, SELinux
Description
Squid isn't starting on our Fedora 22 pulp-smash install due to SELinux denials. :(
# grep -a squid /var/log/audit/audit.log | audit2allow
#============= squid_t ==============
allow squid_t squid_exec_t:file execmod;
allow squid_t tmpfs_t:file { read write getattr open };
type=AVC msg=audit(1462897205.699:918): avc: denied { execmod } for pid=3701 comm="squid" path="/usr/sbin/squid" dev="vda1" ino=18220 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:squid_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:919): avc: denied { read write } for pid=3701 comm="squid" name="squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:920): avc: denied { open } for pid=3701 comm="squid" path="/dev/shm/squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:921): avc: denied { getattr } for pid=3701 comm="squid" path="/dev/shm/squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
I can't tell if these failures are related to our config, or if squid itself has had a regression in Fedora 22.
set selinux to permissive on fedora 22
re #1904 https://pulp.plan.io/issues/1904
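
The AVC records quoted in the issue description can be summarised before any policy change is decided. The following is an added example, not part of the original issue or of Pulp's code: it parses the four records, merges them per source type, target type and class (the grouping seen in the audit2allow output above), and reads the `permissive=` field. The function names and the `REVIEW_PERMS` set are assumptions of this example.

```python
import re
from collections import defaultdict

# AVC records copied from the issue description above.
SAMPLE_LOG = """\
type=AVC msg=audit(1462897205.699:918): avc: denied { execmod } for pid=3701 comm="squid" path="/usr/sbin/squid" dev="vda1" ino=18220 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:squid_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:919): avc: denied { read write } for pid=3701 comm="squid" name="squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:920): avc: denied { open } for pid=3701 comm="squid" path="/dev/shm/squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1462897205.715:921): avc: denied { getattr } for pid=3701 comm="squid" path="/dev/shm/squid-cf__metadata.shm" dev="tmpfs" ino=29900 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Permissions to examine by hand before writing an allow rule
# (a choice made for this example, not an SELinux-defined list).
REVIEW_PERMS = {"execmod", "execmem", "execstack", "execheap"}

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    try:
        return {
            "perms": set(m.group("perms").split()),
            "source": fields["scontext"].split(":")[2],   # type is the 3rd field
            "target": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
            # permissive=1: logged only, access was not blocked.
            # Field is absent on older kernels; treated as enforced here.
            "enforced": fields.get("permissive", "0") == "0",
        }
    except (KeyError, IndexError):
        return None  # truncated or malformed record

def summarize(log_text):
    """Merge denials per (source type, target type, class)."""
    rules = defaultdict(lambda: {"perms": set(), "enforced": False})
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        entry = rules[(rec["source"], rec["target"], rec["tclass"])]
        entry["perms"] |= rec["perms"]
        entry["enforced"] |= rec["enforced"]
    return dict(rules)

def needs_review(rules):
    """Keys whose merged permissions include one from REVIEW_PERMS."""
    return sorted(k for k, v in rules.items() if v["perms"] & REVIEW_PERMS)
```

On the quoted records this yields the same two rule groups as the audit2allow output, marks both as not enforced because every record carries `permissive=1`, and singles out the `execmod` denial on `squid_exec_t` for manual review.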