Activity
From 09/29/2014 to 10/28/2014
10/28/2014
10/22/2014
- 10:52 AM Bug #8030 (Closed): Permission denied - bind(2) on DNS lookup when creating a host
- I stood up an instance of Foreman on a centOS7 machine following the instructions at: http://www.theforeman.org/manua...
10/21/2014
- 05:01 AM Bug #7932 (Closed): LDAP does not work
- Applied in changeset commit:aab37c64a87a4b4e332511a050329c9e28be833e.
- 05:01 AM Bug #7719 (Closed): Selinux prevents console from starting/connecting
- Applied in changeset commit:b696bcf7fe8041d0ad950d41be0a65bd4f186e75.
- 03:52 AM Revision aab37c64: Fixes #7932 - added LDAP support for passenger
- 03:51 AM Revision 9fb84170: Refs #7719 - added websockify rules for VNC console
- 03:51 AM Revision b696bcf7: Fixes #7719 - added ssh rules for libvirt CR
10/14/2014
- 03:01 AM Bug #7932 (Ready For Testing): LDAP does not work
- 02:51 AM Bug #7932 (Closed): LDAP does not work
- Not able to authenticate using AD or LDAP authentication source on Satellite when installed on RHEL 7
Version-Rele...
10/13/2014
- 05:16 AM Bug #7719: Selinux prevents console from starting/connecting
- I saw the exact denials on my host. I've added these to the patch, thanks.
- 03:30 AM Bug #7719: Selinux prevents console from starting/connecting
- Adding above rules to the git df4d9d88afb6edc74c37072b3a15cb517eaa3547 makes my console work! :)
- 02:57 AM Bug #7719: Selinux prevents console from starting/connecting
- semodule -DB, try to access console:
/var/log/audit/audit.log
type=AVC msg=audit(1413182319.822:4621): avc: deni...
10/10/2014
- 09:59 AM Bug #7719: Selinux prevents console from starting/connecting
- Andreas,
I get the very same error: WebSock error: [object Event].
But when I try to set Permissive, I still ha... - 04:13 AM Bug #7719: Selinux prevents console from starting/connecting
- Tried with the latest foreman-selinux-branch (libvirt-ssh-7719):
[root@katello2 ~]# #git clone https://github.com/...
10/09/2014
- 10:14 AM Bug #7719 (Ready For Testing): Selinux prevents console from starting/connecting
- 09:36 AM Bug #7719 (Assigned): Selinux prevents console from starting/connecting
- 09:28 AM Bug #7719: Selinux prevents console from starting/connecting
- Ok problem solved I think, it was during restart because I had my noVNC console opened. It's the libvirt who is spawn...
- 09:02 AM Bug #7719: Selinux prevents console from starting/connecting
- Ok finally, thank to Jason Montleon, we managed to reproduce. Those are thrown when passenger is being restarted, not...
- 07:42 AM Bug #7719: Selinux prevents console from starting/connecting
- Unfortunately, I have NO idea why this runs ssh binary. From what I've seen the ruby ssh client library is pure ruby....
- 09:26 AM Bug #7524 (Duplicate): Adding libvirt compute resource ersults in error
- Ok this is dupe: http://projects.theforeman.org/issues/7719
I will have the patch this week. Thanks for the report!
10/02/2014
- 02:15 AM Bug #7524: Adding libvirt compute resource ersults in error
- Hello,
I did some testing and I became aware of the following fact:
Changing the permission with "chcon -R system...
09/30/2014
- 10:05 AM Bug #7388 (Closed): Policy module isn't reloaded when upgrading RPM
- 06:54 AM Revision 2f345dec: refs #7388 - make foreman-selinux-enable upgrade-safe
09/29/2014
- 01:20 PM Bug #7524: Adding libvirt compute resource ersults in error
- Would you mind sharing the denial you get after you executed the above command and set Enforcing again?
I doubt co... - 10:26 AM Bug #7524: Adding libvirt compute resource ersults in error
- Hey,
no this does not fix the issue ! Maybe the "user_home_dir_t" flag of the parent directory is missing ? - 11:02 AM Bug #7729 (Closed): Websockify not allowed to read certs
- Applied in changeset commit:01ba3e1e9d7b8fdd8d19514f616c04847f4f4d10.
- 04:53 AM Bug #7729 (Ready For Testing): Websockify not allowed to read certs
- 04:49 AM Bug #7729 (Closed): Websockify not allowed to read certs
- Katello uses certs in /etc/pki/katello for websockets, but access to these is denied by SELinux:
type=AVC msg=... - 10:24 AM Bug #7727 (Rejected): Ssh finish script does not work under Enforcing
- Ok it really looks like this is issue when connecting to console. Need to dig later on.
- 04:47 AM Bug #7727 (Rejected): Ssh finish script does not work under Enforcing
- As reported here:...
- 06:22 AM Bug #7719: Selinux prevents console from starting/connecting
- Lukas Zapletal wrote:
> Thanks, Andreas. Now, can you describe what actually does not work? The issue is named "Seli... - 06:11 AM Bug #7719: Selinux prevents console from starting/connecting
- Added foreman-debug-outfile.
- 05:11 AM Bug #7719: Selinux prevents console from starting/connecting
- Thanks, Andreas. Now, can you describe what actually does not work? The issue is named "Selinux prevents console from...
- 05:00 AM Bug #7719: Selinux prevents console from starting/connecting
- type=AVC msg=audit(1411981245.749:98): avc: denied { getattr } for pid=2169 comm="ruby" path="/usr/bin/ssh" dev=dm...
- 04:52 AM Bug #7719 (Ready For Testing): Selinux prevents console from starting/connecting
- 04:51 AM Bug #7719: Selinux prevents console from starting/connecting
- I created #7729 for the websockets Katello issue
- 04:45 AM Bug #7719: Selinux prevents console from starting/connecting
- Trusting the /etc/pki/katello/certs/katello-default-ca.crt in my browser (FF32.0.3/Windows 7) did not change the beha...
- 04:45 AM Bug #7719: Selinux prevents console from starting/connecting
- Andreas, can you paste us the denials when you run in Enforcing and the console does not work? The output above does ...
- 04:42 AM Bug #7719: Selinux prevents console from starting/connecting
- This looks really like issue for the ssh finish script, because websockify runs in its own domain.
I think we need... - 04:41 AM Bug #7719: Selinux prevents console from starting/connecting
- Have you trusted the Katello CA certificate in your browser? That should fix the encrypted web sockets.
If you're ... - 03:51 AM Bug #7719 (New): Selinux prevents console from starting/connecting
- 04:59 AM Revision 01ba3e1e: fixes #7729 - allow websockify to read certs
Also available in: Atom