Project

General

Profile

Actions
Copy link

Bug #18409

closed

foreman-proxy does not start in 1.14 with SELinux activated

Added by Yvan Broccard over 7 years ago. Updated about 5 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Smart proxy
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Foreman - 1.14.1
Red Hat JIRA:

Description

Since upgraded foreman + foreman-proxy from 1.13 to 1.14, the foreman-proxy does not start anymore when SELinux is enabled. It reports an error with DHCP

The foreman-proxy log says :
I, [2017-02-06T16:32:50.931097 ] INFO -- : Successfully initialized 'foreman_proxy'
I, [2017-02-06T16:32:50.931428 ] INFO -- : Successfully initialized 'dns_nsupdate'
I, [2017-02-06T16:32:50.931480 ] INFO -- : Successfully initialized 'dns'
I, [2017-02-06T16:32:50.931520 ] INFO -- : Successfully initialized 'tftp'
E, [2017-02-06T16:32:50.960539 ] ERROR -- : Couldn't enable 'dhcp_isc': ��p$

The SELinux audit log reports that :
audit2allow < /var/log/audit/audit.log

#============= foreman_proxy_t ==============
allow foreman_proxy_t self:process execmem;

#============= logrotate_t ==============
allow logrotate_t systemd_unit_file_t:service stop;

#============= websockify_t ==============
allow websockify_t cert_t:file { getattr open read };

Files

avc.txt avc.txt 17.7 KB Yvan Broccard, 02/08/2017 05:18 AM

Related issues 1 (0 open1 closed)

Related to SELinux - Bug #16273: SELinux Preventing Foreman Proxy From StartingClosedLukas ZapletalActions
Actions
Copy link

Also available in: Atom PDF