Bug 1868005
Summary: | Selinux blocks websockify, vnc console is blocked | |||
---|---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Jan Jansky <jjansky> | |
Component: | SELinux | Assignee: | Lukas Zapletal <lzap> | |
Status: | CLOSED ERRATA | QA Contact: | Lukas Pramuk <lpramuk> | |
Severity: | medium | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 6.7.0 | CC: | ktordeur, lzap | |
Target Milestone: | 6.9.0 | Keywords: | Triaged | |
Target Release: | Unused | |||
Hardware: | All | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1933164 (view as bug list) | Environment: | ||
Last Closed: | 2021-04-21 13:17:39 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: |
Description
Jan Jansky
2020-08-11 11:49:40 UTC
Oh this does not mean it cannot execute python, it actually means "python cannot list /usr/bin folder (execute)". This will fix this: require { type websockify_t; } #============= websockify_t ============== corecmd_exec_ls(websockify_t) Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/30657 has been resolved. The fix for this bugzilla is currently in early Satellite 6.9 SNAP; therefore, aligning to release and moving state. VERIFIED. @Satellite 6.9.0 Snap16 foreman-selinux-2.3.1-1.el7sat.noarch by the reproducer described in comment#0 1) Select any provisioned host 2) Click [Console] button >>> console window shown 3) Check for selinux denials # grep websockify /var/log/audit/audit.log <empty> >>> no selinux denials Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.9 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:1313 |