Issue #7069 has been updated by Nigel Kersten.
I assume there isn't an selinux policy that offers a more generic port for use like this?

----------------------------------------
Bug #7069: Dashboard's default port blocked by default SELinux policy
https://projects.puppetlabs.com/issues/7069

Author: Scott Merrill
Status: Needs Decision
Priority: Normal
Assignee: Nigel Kersten
Category:
Target version:
Keywords: dashboard selinux policy
Branch:
Affected URL:
Affected Dashboard version: 1.0.4

Trying to run Dashboard on a Red Hat Enterprise Linux 6 server with SELinux enabled does not work. The audit log records the following:

    type=AVC msg=audit(1302621346.304:218642): avc: denied { name_connect } for pid=27169 comm="puppetmasterd" dest=3000 scontext=system_u:system_r:puppetmaster_t:s0 tcontext=system_u:object_r:ntop_port_t:s0 tclass=tcp_socket

TCP port 3000 is assigned to ntop, and the default SELinux policy has a rule for the use of that port:

    # semanage port -l | grep 3000
    ntop_port_t                    tcp      3000, 3001
    ntop_port_t                    udp      3000, 3001

I haven't yet found a simple semanage command that will permit the puppetmasterd user to access the ntop port. An semanage command would be one possible easy fix.

Running audit2allow suggests (among other things) the following local policy:

    #============= puppetmaster_t ==============
    allow puppetmaster_t ntop_port_t:tcp_socket name_connect;

This requires the construction and compilation of a complete SELinux policy module, though, which seems a little excessive just to get Dashboard running.

Defining a different port for DASHBOARD_PORT in /etc/sysconfig/puppet-dashboard does permit the dashboard to start properly, with no SELinux complaints.
