Project

Profile

Help

Issue #9211

open

Story #97: As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 Vagrant environment

Vagrant devel installs have SELinux errors

Added by mdepaulo@redhat.com over 2 years ago. Updated over 2 years ago.

Status:
NEW
Priority:
Normal
Assignee:
-
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Dev Environment, SELinux
Sprint:
Quarter:

Description

Because SELinux installs are in editable mode, the .pyc files produce SELinux errors.

Other SELinux errors may exist too due to the devel installs.

TASK [pulp_devel : SELinux status] *********************************************
ok: [pulp3-source-fedora34] => {
    "selinux_analyze.stdout_lines": [
        "SELinux is preventing gunicorn from search access on the directory vagrant.",
        "SELinux is preventing gunicorn from search access on the directory /.",
        "SELinux is preventing gunicorn from getattr access on the directory /home/vagrant/devel/pulpcore.",
        "SELinux is preventing gunicorn from read access on the directory models.",
        "SELinux is preventing gunicorn from open access on the directory /home/vagrant/devel/pulpcore/pulpcore/app/models.",
        "SELinux is preventing gunicorn from getattr access on the directory /home/vagrant.",
        "SELinux is preventing gunicorn from getattr access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/settings.py.",
        "SELinux is preventing gunicorn from read access on the file settings.py.",
        "SELinux is preventing gunicorn from open access on the file /home/vagrant/devel/pulpcore/pulpcore/app/settings.py.",
        "SELinux is preventing gunicorn from ioctl access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/settings.py.",
        "SELinux is preventing pulpcore-worker from read access on the file __init__.cpython-39.pyc.",
        "SELinux is preventing pulpcore-worker from open access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/__pycache__/__init__.cpython-39.pyc.",
        "SELinux is preventing pulpcore-worker from ioctl access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/__pycache__/__init__.cpython-39.pyc.",
        "SELinux is preventing pulpcore-worker from name_connect access on the tcp_socket port 5432.",
        "SELinux is preventing pulpcore-worker from add_name access on the directory 21847@pulp3-source-fedora34.localhost.example.com.",
        "SELinux is preventing pulpcore-worker from remove_name access on the directory 21235@pulp3-source-fedora34.localhost.example.com.",
        "SELinux is preventing pulpcore-worker from rmdir access on the directory 21235@pulp3-source-fedora34.localhost.example.com.",
        "SELinux is preventing nginx from read access on the file nginx.conf.",
        "SELinux is preventing nginx from open access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/webserver_snippets/nginx.conf.",
        "SELinux is preventing nginx from getattr access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/webserver_snippets/nginx.conf."
    ]
}
Actions #1

Updated by fao89 over 2 years ago

  • Description updated (diff)
Actions #2

Updated by mdepaulo@redhat.com over 2 years ago

  • Triaged changed from No to Yes
Actions #3

Updated by mdepaulo@redhat.com over 2 years ago

  • Tags SELinux added

Also available in: Atom PDF