Bug 1152163
| Summary: | dhcpd fails because of selinux violation | | |
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Jeff Dexter <jdexter> |
| Component: | rhel-osp-installer | Assignee: | Mike Burns <mburns> |
| Status: | CLOSED EOL | QA Contact: | Omri Hochman <ohochman> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | Foreman (RHEL 6) | CC: | benglish, dcleal, jmontleo, jrist, mburns, mgrepl, rhallise, rhos-maint, srevivo, sthirugn, stuart.stent |
| Target Milestone: | --- | Keywords: | ZStream |
| Target Release: | Installer | | |
| Hardware: | All | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 1161537 | Environment: | |
| Last Closed: | 2016-09-29 13:24:04 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1158941, 1161537 | | |

What version of selinux-policy and foreman-selinux are installed?

I see the same problem here.

selinux-policy-3.7.19-231.el6.noarch
foreman-selinux-1.6.0.14-1.el6sat.noarch

allow dhcpd_t self:capability chown;

This already exists in rhel7. It just needs to be added to rhel6.

Which version of the dhcp package are you using?

I believe you can do this by installing RHEL 6.5, registering to 6Server, not updating, and then installing dhcp which grabs the latest 6.6 package

with selinux-policy-3.7.19-260.el6.noarch:

#!!!! This avc is allowed in the current policy
allow dhcpd_t self:capability chown;

Really the bug in my opinion is that the dhcp package doesn't require a new enough selinux-policy package

*** Bug 1158941 has been marked as a duplicate of this bug. ***

commit 30d7c568dcf280caa308292bdc8f00eff9b29eab
Author: Lukas Vrabec <lvrabec>
Date: Tue Apr 29 12:16:30 2014 +0200
Added chown capability to dhcpd_t domain

Closing list of bugs for RHEL OSP Installer since its support cycle has already ended [0]. If there is some bug closed by mistake, feel free to re-open.

For new deployments, please, use RHOSP director (starting with version 7).

-- Jaromir Coufal
-- Sr. Product Manager
-- Red Hat OpenStack Platform

[0] https://access.redhat.com/support/policy/updates/openstack/platform

Description of problem:
When installing Foreman/Staypuft, networking setup fails due to dhcpd service not starting

Version-Release number of selected component (if applicable):
rhel-osp-installer-0.3.6-1.el6ost.noarch

How reproducible:
100% on 2 tries

Steps to Reproduce:
1. Clean RHEL6.5 install
2. yum install rhel-osp-installer
3.

Actual results:
[ERROR 2014-10-10 22:07:31 main] Repeating errors encountered during run:
[ERROR 2014-10-10 22:07:31 main] Could not start Service[dhcpd]: Execution of '/sbin/service dhcpd start' returned 1: Starting dhcpd: [FAILED]
[ERROR 2014-10-10 22:07:31 main] /Stage[main]/Dhcp/Service[dhcpd]/ensure: change from stopped to running failed: Could not start Service[dhcpd]: Execution of '/sbin/service dhcpd start' returned 1: Starting dhcpd: [FAILED]

Expected results:
install correctly

Additional info:
type=AVC msg=audit(1412993243.527:416): avc: denied { chown } for pid=5194 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1412993243.527:416): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=5193 pid=5194 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=28 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)

Workaround
setenforce 0, dhcpd starts, and installer finishes on next run.
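
The AVC record in the report maps field by field onto the rule quoted in the comments. The following Python, an added example that is not part of the bug report or of any Red Hat tool, derives that rule from the record and reports whether a given policy already contains it, which is the situation the "#!!!! This avc is allowed in the current policy" note describes. The function names and the `loaded_rules` set (a constructed stand-in for querying the installed policy) are assumptions.

```python
import re

# AVC record copied from the report's "Additional info" section.
AVC_LINE = (
    'type=AVC msg=audit(1412993243.527:416): avc: denied { chown } for '
    'pid=5194 comm="dhcpd" capability=0 '
    'scontext=unconfined_u:system_r:dhcpd_t:s0 '
    'tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability'
)

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)')

def parse_avc(line):
    """Return the denial's fields as a dict, or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest'))
    fields = {key: value.strip('"') for key, value in pairs}
    fields['perms'] = m.group('perms').split()
    return fields

def selinux_type(context):
    """The type is the third field of user:role:type[:level]."""
    return context.split(':')[2]

def allow_rule(avc):
    """Build the allow rule that would permit the denied access."""
    src = selinux_type(avc['scontext'])
    tgt = selinux_type(avc['tcontext'])
    # A domain acting on itself (as with capabilities) is written "self".
    tgt = 'self' if tgt == src else tgt
    perms = avc['perms']
    perm_s = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {src} {tgt}:{avc['tclass']} {perm_s};"

def triage(line, loaded_rules):
    """Return (rule, already_allowed) for one audit line.

    already_allowed=True means the policy in loaded_rules has the rule,
    so the denial was logged under an older policy than the one checked.
    """
    avc = parse_avc(line)
    if avc is None:
        return None, False
    rule = allow_rule(avc)
    return rule, rule in loaded_rules
```
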