Actions
Issue #3926
closedSquid Service fails to start in F28 with SElinux enabled
Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Description
Hi,
As a part of running the pulp-2 ansible installer, when the task that starts Squid service runs. The job fails.
The same job, however, runs with SELinux disabled.
On, looking at the journal logs, we can see that
Aug 16 18:13:55 f28-os-4786 systemd[1]: Reloading.
Aug 16 18:13:55 f28-os-4786 systemd[1]: Starting Squid caching proxy...
Aug 16 18:13:55 f28-os-4786 audit[22168]: AVC avc: denied { dac_override } for pid=22168 comm="cache_swap.sh" capability=1 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:system_r:squid_t:s0 tclass=capability permissive=0
Aug 16 18:13:55 f28-os-4786 cache_swap.sh[22163]: init_cache_dir /var/spool/squid... /usr/libexec/squid/cache_swap.sh: line 14: /var/log/squid/squid.out: Permission denied
Aug 16 18:13:55 f28-os-4786 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=squid comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Pulp Version info:
pulp-admin-client-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
pulp-deb-admin-extensions-1.8.0-0.1.alpha.201808161014git4df9825.fc28.noarch
pulp-docker-admin-extensions-3.3.0-0.1.alpha.201808160954gitbe4d536.fc28.noarch
pulp-docker-plugins-3.3.0-0.1.alpha.201808160954gitbe4d536.fc28.noarch
pulp-ostree-admin-extensions-1.4.0-0.1.alpha.201808160956git2c2d534.fc28.noarch
pulp-ostree-plugins-1.4.0-0.1.alpha.201808160956git2c2d534.fc28.noarch
pulp-puppet-admin-extensions-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch
pulp-puppet-plugins-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch
pulp-puppet-tools-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch
pulp-python-admin-extensions-2.1.0-0.1.alpha.201808160953git5e2aa35.fc28.noarch
pulp-python-plugins-2.1.0-0.1.alpha.201808160953git5e2aa35.fc28.noarch
pulp-rpm-admin-extensions-2.18.0-0.1.alpha.201808161002gitb99f97c.fc28.noarch
pulp-rpm-plugins-2.18.0-0.1.alpha.201808161002gitb99f97c.fc28.noarch
pulp-selinux-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
pulp-server-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-bindings-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-client-lib-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-common-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-deb-common-1.8.0-0.1.alpha.201808161014git4df9825.fc28.noarch
python-pulp-docker-common-3.3.0-0.1.alpha.201808160954gitbe4d536.fc28.noarch
python-pulp-oid_validation-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-ostree-common-1.4.0-0.1.alpha.201808160956git2c2d534.fc28.noarch
python-pulp-puppet-common-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch
python-pulp-python-common-2.1.0-0.1.alpha.201808160953git5e2aa35.fc28.noarch
python-pulp-repoauth-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
python-pulp-rpm-common-2.18.0-0.1.alpha.201808161002gitb99f97c.fc28.noarch
python-pulp-streamer-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch
OS-version:
NAME=Fedora
VERSION="28 (Cloud Edition)"
ID=fedora
VERSION_ID=28
PLATFORM_ID="platform:f28"
PRETTY_NAME="Fedora 28 (Cloud Edition)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:28"
HOME_URL="https://fedoraproject.org/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=28
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=28
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Cloud Edition"
VARIANT_ID=cloud
The whole logs are attached with this bug.
Files
Actions