Pulp

Hi,

As a part of running the pulp-2 ansible installer, when the task that starts Squid service runs. The job fails.
The same job, however, runs with SELinux disabled.

On, looking at the journal logs, we can see that

Aug 16 18:13:55 f28-os-4786 systemd[1]: Reloading.
Aug 16 18:13:55 f28-os-4786 systemd[1]: Starting Squid caching proxy...
Aug 16 18:13:55 f28-os-4786 audit[22168]: AVC avc:  denied  { dac_override } for  pid=22168 comm="cache_swap.sh" capability=1  scontext=system_u:system_r:squid_t:s0 tcontext=system_u:system_r:squid_t:s0 tclass=capability permissive=0
Aug 16 18:13:55 f28-os-4786 cache_swap.sh[22163]: init_cache_dir /var/spool/squid... /usr/libexec/squid/cache_swap.sh: line 14: /var/log/squid/squid.out: Permission denied
Aug 16 18:13:55 f28-os-4786 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=squid comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

Pulp Version info:

pulp-admin-client-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
pulp-deb-admin-extensions-1.8.0-0.1.alpha.201808161014git4df9825.fc28.noarch
pulp-docker-admin-extensions-3.3.0-0.1.alpha.201808160954gitbe4d536.fc28.noarch
pulp-docker-plugins-3.3.0-0.1.alpha.201808160954gitbe4d536.fc28.noarch
pulp-ostree-admin-extensions-1.4.0-0.1.alpha.201808160956git2c2d534.fc28.noarch
pulp-ostree-plugins-1.4.0-0.1.alpha.201808160956git2c2d534.fc28.noarch
pulp-puppet-admin-extensions-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch
pulp-puppet-plugins-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch
pulp-puppet-tools-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch
pulp-python-admin-extensions-2.1.0-0.1.alpha.201808160953git5e2aa35.fc28.noarch
pulp-python-plugins-2.1.0-0.1.alpha.201808160953git5e2aa35.fc28.noarch
pulp-rpm-admin-extensions-2.18.0-0.1.alpha.201808161002gitb99f97c.fc28.noarch
pulp-rpm-plugins-2.18.0-0.1.alpha.201808161002gitb99f97c.fc28.noarch
pulp-selinux-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
pulp-server-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-bindings-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-client-lib-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-common-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-deb-common-1.8.0-0.1.alpha.201808161014git4df9825.fc28.noarch
python-pulp-docker-common-3.3.0-0.1.alpha.201808160954gitbe4d536.fc28.noarch
python-pulp-oid_validation-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-ostree-common-1.4.0-0.1.alpha.201808160956git2c2d534.fc28.noarch
python-pulp-puppet-common-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch
python-pulp-python-common-2.1.0-0.1.alpha.201808160953git5e2aa35.fc28.noarch
python-pulp-repoauth-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-rpm-common-2.18.0-0.1.alpha.201808161002gitb99f97c.fc28.noarch
python-pulp-streamer-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch

OS-version:

NAME=Fedora
VERSION="28 (Cloud Edition)"
ID=fedora
VERSION_ID=28
PLATFORM_ID="platform:f28"
PRETTY_NAME="Fedora 28 (Cloud Edition)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:28"
HOME_URL="https://fedoraproject.org/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=28
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=28
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Cloud Edition"
VARIANT_ID=cloud

The whole logs are attached with this bug.