[Pulp-list] SELinux errors on upgrade

Fri, 14 May 2021 10:46:12 -0700 

Hi,

I recently tried to update my pulp3 install.  It was installed using the 
ansible installer.  I believe the original install was working because the 
ansible installer ran without any errors.

I never got much of chance to try it out though.  When I revisited pulp3 I saw 
there was an update.  I may not have run the update properly the first time.

Now when I run the installer it gets stuck checking the health of the pulp3 
services and then fails.

Note that my system is running SELinux in enforcing mode.

I've looked at the logs and I'm seeing lots of permission denied messages.  
Checking the SELinux logs shows:

type=AVC msg=audit(1621012482.823:159368): avc:  denied  { create } for  
pid=107534 comm="rq" name="reserved-resource-worker-1.pid" 
scontext=system_u:system_r:init_t:s0 
tcontext=system_u:object_r:pulpcore_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1621012483.052:159369): avc:  denied  { create } for  
pid=107542 comm="rq" name="reserved-resource-worker-2.pid" 
scontext=system_u:system_r:init_t:s0 
tcontext=system_u:object_r:pulpcore_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1621012486.569:159424): avc:  denied  { name_connect } for  
pid=107595 comm="rq" dest=5432 scontext=system_u:system_r:init_t:s0 
tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1621012488.581:159430): avc:  denied  { name_connect } for  
pid=107611 comm="gunicorn" dest=5432 scontext=system_u:system_r:init_t:s0 
tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1621012489.177:159435): avc:  denied  { create } for  
pid=107595 comm="rq" name="resource-manager.pid" 
scontext=system_u:system_r:init_t:s0 
tcontext=system_u:object_r:pulpcore_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1621012490.511:159443): avc:  denied  { read } for  
pid=107611 comm="gunicorn" name="autocomplete.css" dev="sda5" ino=8390506 
scontext=system_u:system_r:init_t:s0 
tcontext=unconfined_u:object_r:pulpcore_var_lib_t:s0 tclass=lnk_file 
permissive=0

Not sure if this is something I did or if these logs might help debug anything.

Thanks,
-Sheldon

_______________________________________________
Pulp-list mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/pulp-list

Reply via email to