Bug #18409
closed
foreman-proxy does not start in 1.14 with SELinux activated
Description
Since upgraded foreman + foreman-proxy from 1.13 to 1.14, the foreman-proxy does not start anymore when SELinux is enabled. It reports an error with DHCP
The foreman-proxy log says :
I, [2017-02-06T16:32:50.931097 ] INFO -- : Successfully initialized 'foreman_proxy'
I, [2017-02-06T16:32:50.931428 ] INFO -- : Successfully initialized 'dns_nsupdate'
I, [2017-02-06T16:32:50.931480 ] INFO -- : Successfully initialized 'dns'
I, [2017-02-06T16:32:50.931520 ] INFO -- : Successfully initialized 'tftp'
E, [2017-02-06T16:32:50.960539 ] ERROR -- : Couldn't enable 'dhcp_isc': ��p$
The SELinux audit log reports that :
audit2allow < /var/log/audit/audit.log
#============= foreman_proxy_t ==============
allow foreman_proxy_t self:process execmem;
#============= logrotate_t ==============
allow logrotate_t systemd_unit_file_t:service stop;
#============= websockify_t ==============
allow websockify_t cert_t:file { getattr open read };
Files
Updated by Yvan Broccard over 7 years ago
This could be found as well in the log :
E, [2017-02-06T16:32:50.960539 ] ERROR -- : Couldn't enable 'dhcp_isc': P<FC><85>p$?
E, [2017-02-06T16:32:50.960710 ] ERROR -- : Error during startup, terminating. Dependency 'leases_observer' is undefined
Updated by Dominic Cleal over 7 years ago
- Project changed from Foreman to SELinux
- Category changed from 56 to Smart proxy
If you have a copy of the original AVCs (rather than policy), it'd be appreciated.
Updated by Yvan Broccard over 7 years ago
Here is the AVC errors caught in the audit.log, with 3 lines context around.
Cheers
Updated by Lukas Zapletal about 5 years ago
- Status changed from New to Duplicate
- Triaged changed from No to Yes
Dupe of #16273 we are going to fix this now.
Updated by Lukas Zapletal about 5 years ago
- Related to Bug #16273: SELinux Preventing Foreman Proxy From Starting added