Project

Profile

Help

Issue #8993

open

SELinux: avc: denied pulpcore-worker on Fedora 34

Added by StephenW over 2 years ago. Updated over 2 years ago.

Status:
NEW
Priority:
Normal
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
SELinux
Sprint:
Quarter:

Description

Hello

I installed Pulp3 on Fedora 34 using "ansible-galaxy collection install pulp.pulp_installer"

at the end of the Ansible run: TASK [pulp.pulp_installer.pulp_health_check : Checking Pulp services] msg: 'pulpcore-resource-manager.service state: stopped'

On the managed node, I see lots of avc: denied :

fedoraserver ~]# ausearch -m AVC,USER_AVC -ts recent

time->Tue Jun 29 15:59:06 2021 type=AVC msg=audit(1624975146.441:668194): avc: denied { name_connect } for pid=1129665 comm="pulpcore-worker" dest=6379 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:redis_port_t:s0 tclass=tcp_socket permissive=0

fedoraserver ~]# sepolgen-ifgen fedoraserver ~]# audit2allow -Ral

require { type init_t; }

#============= init_t ============== corenet_tcp_connect_postgresql_port(init_t) corenet_tcp_connect_redis_port(init_t)

Thank you

Also available in: Atom PDF