Bug 1825957
| Summary: | SELinux is preventing PCP's PostgreSQL PMDA to collect metrics | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Jan Kurik <jkurik> |
| Component: | pcp | Assignee: | Mark Goodwin <mgoodwin> |
| Status: | CLOSED DUPLICATE | QA Contact: | Jan Kurik <jkurik> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.2 | CC: | agerstmayr, jkurik, mgoodwin, nathans, patrickm |
| Target Milestone: | rc | Keywords: | Bugfix, Triaged |
| Target Release: | 8.0 | Flags: | pm-rhel: mirror+ |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | pcp-5.1.1 | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-05-05 02:49:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed upstream for pcp-5.1.1

commit b092126f0eb39065ab0e4072e2c93c5f356025dc
Author: Mark Goodwin <mgoodwin>
Date: Fri May 1 15:34:49 2020 +1000

    selinux: fix AVC for pmdapostgresql socket write, plus QA

    RHBZ#1825957
    allow pcp_pmcd_t postgresql_var_run_t:sock_file write;
    Also update qa/917

*** Bug 1835161 has been marked as a duplicate of this bug. ***

Verified on pcp-5.1.1-2.el8 build.
Description of problem:
After installation of pcp-pmda-postgresql this PMDA does not collect statistics from a PostgreSQL instance due to a SELinux issue.

Version-Release number of selected component (if applicable):
pcp-5.0.2-5.el8
selinux-policy-3.14.3-41.el8

How reproducible:
Always

Steps to Reproduce:
1. Install RHEL-8.2 release
2. Install RPMs of pcp, pcp-pmda-postgresql, postgresql-server
3. Start the postgresql server and pmcd
4. Install PMDA
    # cd /var/lib/pcp/pmdas/postgresql
    # ./Install

Actual results:
* Installation throws errors:
    [Mon Apr 20 10:21:08] pmdapostgresql(87409) Info: Connecting to host 'local', port '5432', db 'postgres' as user 'postgres'
    [Mon Apr 20 10:21:08] pmdapostgresql(87409) Info: Error connecting to db postgres as user postgres: could not connect to server: No such file or directory
    Is the server running locally and accepting connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
* Only one postgres metric is reported as active after the installation:
    Check postgresql metrics have appeared ... 1 warnings, 1 metrics and 0 values
* /var/log/pcp/pmcd/postgresql.log contains error messages:
    [Mon Apr 20 10:56:23] pmdapostgresql(64495) Info: Error connecting to db postgres as user postgres: could not connect to server: Permission denied
    Is the server running locally and accepting connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
* "ausearch -m AVC" reports AVCs
    type=AVC msg=audit(04/20/2020 10:15:43.559:1167) : avc: denied { write } for pid=71727 comm=python3 name=.s.PGSQL.5432 dev="tmpfs" ino=66228 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:postgresql_var_run_t:s0 tclass=sock_file permissive=0
* after the PMDA installation "pminfo -f postgresql" fails with an error message
    postgresql: pmLookupName: No PMCD agent for domain of request
* "audit2allow -a" reports the following missing SELinux rule:
    #============= pcp_pmcd_t ==============
    allow pcp_pmcd_t postgresql_var_run_t:sock_file write;

Expected results:
* No AVC errors reported
* No error messages during the installation
* Collection of statistics works and "pminfo -f postgresql" shows real values.
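
The step from the AVC record to the audit2allow rule in the description above, as an added example (not part of the bug report or of PCP): a small Python parser that pulls the source type, target type, class and permissions out of AVC denials and merges them into allow rules. The first sample record is the one from the report; the other two lines, the `example_*` types and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Line 1 is the AVC record from the report; lines 2 and 3 are constructed samples.
SAMPLE_AUDIT = """\
type=AVC msg=audit(04/20/2020 10:15:43.559:1167) : avc: denied { write } for pid=71727 comm=python3 name=.s.PGSQL.5432 dev="tmpfs" ino=66228 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:postgresql_var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(04/20/2020 10:16:02.101:1170) : avc: denied { read open } for pid=70001 comm=example name=data.txt dev="dm-0" ino=1234 scontext=system_u:system_r:example_app_t:s0 tcontext=system_u:object_r:example_data_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(04/20/2020 10:15:43.559:1167) : arch=x86_64 syscall=connect success=no comm=python3
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+"
    r"tclass=(?P<tclass>\w+)(?:\s+permissive=(?P<permissive>[01]))?"
)

def selinux_type(context):
    # A context is user:role:type:level[:categories]; the type is field 3.
    return context.split(":")[2]

def parse_denials(text):
    """Return one dict per AVC denial; non-AVC audit lines are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        denials.append({
            "source": selinux_type(m["scon"]),
            "target": selinux_type(m["tcon"]),
            "tclass": m["tclass"],
            "perms": set(m["perms"].split()),
            # permissive=1 means the access was logged but not blocked.
            "enforced": m["permissive"] != "1",
        })
    return denials

def allow_rules(denials, source=None):
    """Merge denials per (source, target, class) into allow-rule strings."""
    merged = defaultdict(set)
    for d in denials:
        if source and d["source"] != source:
            continue
        merged[(d["source"], d["target"], d["tclass"])] |= d["perms"]
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules
```

Filtering with `source="pcp_pmcd_t"` yields the same rule that audit2allow reported and that the upstream commit added; review any generated rule before loading it as local policy.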