2021-04-08 09:33:19 |
yatin |
description |
Packstack Deployment on CentOS7 with SELinux enabled fails with:-
PuppetError: Error appeared during Puppet run: 192.168.100.178_controller.pp
Error: Systemd start for httpd failed!
httpd service logs stats:-
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:8774
httpd[1569]: no listening sockets available, shutting down
AVC denied audit log:-
type=AVC msg=audit(1617806051.956:10123): avc: denied { name_bind } for pid=1569 comm="httpd" src=8774 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:osapi_compute_port_t:s0 tclass=tcp_socket permissive=0
httpd is allowed to bind to any port in openstack-selinux https://github.com/redhat-openstack/openstack-selinux/blob/master/os-httpd.te#L48, but it still fails due to a recent commit in openstack-selinux:- https://github.com/redhat-openstack/openstack-selinux/commit/1f3ab78f0d9b5e1d76ca420873889e9c6f54faf0
Applying the recent os-podman.te on C7 fails with:-
# semodule -i /usr/share/selinux/packages/os-podman.pp.bz2
Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/os-podman/cil:3
semodule: Failed!
This is likely caused by the old container-selinux package in CentOS7 and the unavailable commit https://github.com/containers/container-selinux/commit/e544d77116b6182cbfa42fd2168e1f602e86b06d:-
# rpm -q container-selinux
container-selinux-2.119.2-1.911c772.el7_8.noarch
Example log:-
https://logserver.rdoproject.org/ci.centos.org/weirdo-train-promote-packstack-scenario001/274/weirdo-project/logs/latest/manifests/192.168.1.103_controller.pp.log.txt.gz
https://logserver.rdoproject.org/ci.centos.org/weirdo-train-promote-packstack-scenario001/274/weirdo-project/logs/diag/journalctl_--no-pager.txt.gz
https://logserver.rdoproject.org/ci.centos.org/weirdo-train-promote-packstack-scenario001/274/weirdo-project/logs/audit/audit.log.txt.gz
https://logserver.rdoproject.org/ci.centos.org/weirdo-train-promote-packstack-scenario001/274/rpm_packages.txt.gz
Will check with authors on how to clear this issue. |
|
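The AVC denial quoted in the report, reduced to the allow rule that the loaded policy lacks, as an added example that is not part of the original report or of openstack-selinux. The function names are hypothetical and the SYSCALL record in the sample is constructed; the AVC record is the one from the report.

```python
import re
from collections import defaultdict

# Sample input: line 1 is the AVC denial from the report; line 2 is a
# constructed non-AVC record, included to show that other records are skipped.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1617806051.956:10123): avc: denied { name_bind } for pid=1569 comm="httpd" src=8774 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:osapi_compute_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1617806051.956:10123): arch=c000003e syscall=49 success=no exit=-13 comm="httpd"
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def parse_avc(line):
    """Parse one audit record; return a dict for AVC denials, else None."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "port": int(fields["src"]) if "src" in fields else None,
        "source": selinux_type(fields["scontext"]),
        "target": selinux_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "enforced": fields.get("permissive") == "0",  # 0 means the access was blocked
    }

def missing_rules(log_text):
    """Map each allow rule implied by the denials to the set of ports seen."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc is None:
            continue
        rule = "allow {source} {target}:{tclass} {{ {p} }};".format(
            p=" ".join(avc["perms"]), **avc)
        rules[rule].add(avc["port"])
    return dict(rules)

if __name__ == "__main__":
    for rule, ports in missing_rules(SAMPLE_AUDIT_LOG).items():
        print(rule, "ports:", sorted(p for p in ports if p is not None))
```

The printed rule names the source domain, port type and permission to look for in the installed policy modules; it is a triage aid for comparing against os-httpd.te, not a module to load.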