Bug 1364124
| Summary: | Invalid selinux context errors in journalctl for some puppet objects | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | James Olin Oden <joden> | ||||
| Component: | Provisioning | Assignee: | satellite6-bugs <satellite6-bugs> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | Katello QA List <katello-qa-list> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.2.0 | CC: | joden, lzap | ||||
| Target Milestone: | Unspecified | ||||||
| Target Release: | Unused | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-05-12 08:09:52 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
I was not able to recreate this just by re-installing and running fusor-installer. I checked before I ran it too. There is this error in there after I ran fusor-installer: Aug 04 14:42:32 b.b.b puppet-agent[16302]: Starting Puppet client version 3.8.6 Aug 04 14:42:32 b.b.b puppet-agent[16415]: Unable to fetch my node definition, but the agent run will continue: Aug 04 14:42:32 b.b.b puppet-agent[16415]: Connection refused - connect(2) Aug 04 14:42:32 b.b.b puppet-agent[16415]: (/File[/var/lib/puppet/facts.d]) Failed to generate additional resources using 'eval_generate': Connection refused - connect(2) Aug 04 14:42:32 b.b.b puppet-agent[16415]: (/File[/var/lib/puppet/facts.d]) Could not evaluate: Could not retrieve file metadata for puppet://b.b.b/pluginfacts: Connection refused - connect(2) Aug 04 14:42:32 b.b.b puppet-agent[16415]: (/File[/var/lib/puppet/lib]) Failed to generate additional resources using 'eval_generate': Connection refused - connect(2) Aug 04 14:42:32 b.b.b puppet-agent[16415]: (/File[/var/lib/puppet/lib]) Could not evaluate: Could not retrieve file metadata for puppet://b.b.b/plugins: Connection refused - connect(2) Aug 04 14:42:35 b.b.b puppet-agent[16415]: Could not retrieve catalog from remote server: Connection refused - connect(2) Aug 04 14:42:35 b.b.b puppet-agent[16415]: Using cached catalog Aug 04 14:42:35 b.b.b puppet-agent[16415]: Could not retrieve catalog; skipping run Aug 04 14:42:35 b.b.b puppet-agent[16415]: Could not send report: Connection refused - connect(2) Aug 04 14:42:35 b.b.b puppet[16302]: /usr/share/ruby/vendor_ruby/puppet/agent.rb:87:in `exit': no implicit conversion from nil to integer (TypeError) Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/agent.rb:87:in `block in run_in_fork' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/agent.rb:84:in `fork' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/agent.rb:84:in `run_in_fork' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/agent.rb:43:in `block in run' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/application.rb:179:in `call' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/application.rb:179:in `controlled_run' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/agent.rb:41:in `run' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/daemon.rb:175:in `block in run_event_loop' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/scheduler/job.rb:49:in `call' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/scheduler/job.rb:49:in `run' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/scheduler/scheduler.rb:39:in `block in run_ready' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/scheduler/scheduler.rb:34:in `each' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/scheduler/scheduler.rb:34:in `run_ready' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/scheduler/scheduler.rb:11:in `run_loop' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/daemon.rb:198:in `run_event_loop' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/daemon.rb:154:in `start' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/application/agent.rb:383:in `main' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/application/agent.rb:329:in `run_command' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/application.rb:381:in `block (2 levels) in run' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/application.rb:507:in `plugin_hook' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/application.rb:381:in `block in run' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/util.rb:496:in `exit_on_fail' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/application.rb:381:in `run' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/util/command_line.rb:146:in `run' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/share/ruby/vendor_ruby/puppet/util/command_line.rb:92:in `execute' Aug 04 14:42:35 b.b.b puppet[16302]: from /usr/bin/puppet:8:in `<main>' James, I think this is a Satellite issue and not specific to QCI. Please reassign to Satellite. Resetting to be a Satellite bug. This is dupe of https://bugzilla.redhat.com/show_bug.cgi?id=1202924 where we provided a workaround, which is only for RHEL 7.3+: # cat > passenger-allow-check-context.cil <<EOF (typeattributeset cil_gen_require passenger_t) (typeattributeset cil_gen_require security_t) (allow passenger_t security_t (file (append getattr ioctl lock open read write))) (allow passenger_t security_t (security (check_context))) EOF # semodule -i passenger-allow-check-context.cil *** This bug has been marked as a duplicate of bug 1202924 *** |
Created attachment 1187522 [details] journalctl log Description of problem: I was looking in journalctl sometime after fusor-installer had ran and noted these errors: Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_log_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_log_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_log_t:s0 *** Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_log_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_log_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_log_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_log_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_lib_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_run_t:s0 Aug 02 14:14:02 b.b.b puppet-master[2710]: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_var_run_t:s0 There were more. I'll attach the entire journalctl. Version-Release number of selected component (if applicable): QCI-1.0-RHEL-7-20160801.t.2 How reproducible: I don't if it is or isn't. I'm not sure what triggered it. Steps to Reproduce: 1. Install QCI 2. Configure with fusor-installer 3. Check journalctl. Actual results: These selinux file context errors. Expected results: No file context errors.