Issue #3926
Updated by ragbalak over 5 years ago
Hi, As a part of running the pulp-2 ansible installer, when the task that starts Squid service runs. The job fails. The same job, however, runs with SELinux disabled. On, looking at the journal logs, we can see that <pre> Aug 16 18:13:55 f28-os-4786 systemd[1]: Reloading. Aug 16 18:13:55 f28-os-4786 systemd[1]: Starting Squid caching proxy... Aug 16 18:13:55 f28-os-4786 audit[22168]: AVC avc: denied { dac_override } for pid=22168 comm="cache_swap.sh" capability=1 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:system_r:squid_t:s0 tclass=capability permissive=0 Aug 16 18:13:55 f28-os-4786 cache_swap.sh[22163]: init_cache_dir /var/spool/squid... /usr/libexec/squid/cache_swap.sh: line 14: /var/log/squid/squid.out: Permission denied Aug 16 18:13:55 f28-os-4786 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=squid comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' </pre> Pulp Version info: <pre> pulp-admin-client-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch pulp-deb-admin-extensions-1.8.0-0.1.alpha.201808161014git4df9825.fc28.noarch pulp-docker-admin-extensions-3.3.0-0.1.alpha.201808160954gitbe4d536.fc28.noarch pulp-docker-plugins-3.3.0-0.1.alpha.201808160954gitbe4d536.fc28.noarch pulp-ostree-admin-extensions-1.4.0-0.1.alpha.201808160956git2c2d534.fc28.noarch pulp-ostree-plugins-1.4.0-0.1.alpha.201808160956git2c2d534.fc28.noarch pulp-puppet-admin-extensions-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch pulp-puppet-plugins-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch pulp-puppet-tools-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch pulp-python-admin-extensions-2.1.0-0.1.alpha.201808160953git5e2aa35.fc28.noarch pulp-python-plugins-2.1.0-0.1.alpha.201808160953git5e2aa35.fc28.noarch pulp-rpm-admin-extensions-2.18.0-0.1.alpha.201808161002gitb99f97c.fc28.noarch pulp-rpm-plugins-2.18.0-0.1.alpha.201808161002gitb99f97c.fc28.noarch pulp-selinux-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch pulp-server-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch python-pulp-bindings-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch python-pulp-client-lib-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch python-pulp-common-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch python-pulp-deb-common-1.8.0-0.1.alpha.201808161014git4df9825.fc28.noarch python-pulp-docker-common-3.3.0-0.1.alpha.201808160954gitbe4d536.fc28.noarch python-pulp-oid_validation-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch python-pulp-ostree-common-1.4.0-0.1.alpha.201808160956git2c2d534.fc28.noarch python-pulp-puppet-common-2.18.0-0.1.alpha.201808160959git44a02f8.fc28.noarch python-pulp-python-common-2.1.0-0.1.alpha.201808160953git5e2aa35.fc28.noarch python-pulp-repoauth-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch python-pulp-rpm-common-2.18.0-0.1.alpha.201808161002gitb99f97c.fc28.noarch python-pulp-streamer-2.18.0-0.1.alpha.201808161007gita8533cd.fc28.noarch </pre> OS-version: <pre> NAME=Fedora VERSION="28 (Cloud Edition)" ID=fedora VERSION_ID=28 PLATFORM_ID="platform:f28" PRETTY_NAME="Fedora 28 (Cloud Edition)" ANSI_COLOR="0;34" CPE_NAME="cpe:/o:fedoraproject:fedora:28" HOME_URL="https://fedoraproject.org/" SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Fedora" REDHAT_BUGZILLA_PRODUCT_VERSION=28 REDHAT_SUPPORT_PRODUCT="Fedora" REDHAT_SUPPORT_PRODUCT_VERSION=28 PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy" VARIANT="Cloud Edition" VARIANT_ID=cloud </pre> The whole logs are attached with this bug.