Dear all, my foreman instance refused to start today, after running normally the whole weekend.
The reason was selinux (sorry for the wrapping in the mail): > Mar 27 09:30:12 foreman setroubleshoot: SELinux is preventing > postgres from 'read, write' accesses on the file > 000000010000000000000003. For complete SELinux messages. run sealert > -l 4c591a78-465c-42f3-9bc5-621efa52c48a Mar 27 09:30:12 foreman > python: SELinux is preventing postgres from 'read, write' accesses on > the file 000000010000000000000003.#012#012***** Plugin > catchall_labels (83.8 confidence) suggests > *******************#012#012If you want to allow postgres to have read > write access on the 000000010000000000000003 file#012Then you need to > change the label on 000000010000000000000003#012Do#012# semanage > fcontext -a -t FILE_TYPE '000000010000000000000003'#012where > FILE_TYPE is one of the following: afs_cache_t, cluster_var_run_t, > faillog_t, hugetlbfs_t, initrc_tmp_t, krb5_host_rcache_t, lastlog_t, > postgresql_db_t, postgresql_lock_t, postgresql_log_t, > postgresql_tmp_t, postgresql_var_run_t, puppet_tmp_t, security_t, > user_cron_spool_t.#012Then execute:#012restorecon -v > '000000010000000000000003'#012#012#012***** Plugin catchall (17.1 > confidence) suggests **************************#012#012If you > believe that postgres should be allowed read write access on the > 000000010000000000000003 file by default.#012Then you should report > this as a bug.#012You can generate a local policy module to allow > this access.#012Do#012allow this access for now by executing:#012# > ausearch -c 'postgres' --raw | audit2allow -M my-postgres#012# > semodule -i my-postgres.pp#012 I have not updated any packages since friday, so I am puzzled why all of a sudden this spits out an error. Anyway, I could solve this by switching selinux to permissive temporarily. But I wonder if the foreman selinux stuff should not include a profile/exception/rule/... for this? Johannes -- Johannes Kastl Linux Consultant & Trainer Tel.: +49 (0) 151 2372 5802 Mail: [email protected] B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537 -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
