Actions
Issue #9274
openPulp reports that python cannot access unix_dgram_socket when installing from pip
Status:
NEW
Priority:
Normal
Assignee:
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
SELinux
Sprint:
Quarter:
Description
On CentOS 7, we have errors like the following:
Aug 23 14:24:42 centos7 setroubleshoot: SELinux is preventing /opt/rh/rh-python38/root/usr/bin/python3.8 from connect access on the unix_dgram_socket labeled pulpcore_server_t. For complete SELinux messages run: sealert -l b988b539-f587-486d-85f6-68f9de3a3cbc
Aug 23 14:24:42 centos7 python: SELinux is preventing /opt/rh/rh-python38/root/usr/bin/python3.8 from connect access on the unix_dgram_socket labeled pulpcore_server_t.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python3.8 should be allowed connect access on unix_dgram_socket labeled pulpcore_server_t by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'gunicorn' --raw | audit2allow -M my-gunicorn#012# semodule -i my-gunicorn.pp#012
The installer calls:
/sbin/fixfiles restore /usr/local/lib/pulp
But both that command and:
/sbin/fixfiles restore /usr/local/lib/pulp/bin/gunicorn
Incorrectly set the context . The context is instead set to:
unconfined_u:object_r:pulpcore_server_exec_t:s0
However, the command:
restorecon -F /usr/local/lib/pulp/bin/gunicorn
correctly sets it to:
system_u:object_r:pulpcore_server_exec_t:s0
Which makes the error go away.
Related issues
Updated by mdepaulo@redhat.com over 3 years ago
- Related to Issue #9272: pulpcore-selinux needs SELinux changes for systemd Type=notify added
Actions