Bug 2131031
| Summary: | SELinux is preventing java from create access on the directory .pki | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Sonam <sshewale> |
| Component: | Candlepin | Assignee: | Barnaby Court <bcourt> |
| Status: | NEW --- | QA Contact: | Satellite QE Team <sat-qe-bz-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.11.2 | CC: | ehelms, lzap, peter.vreman |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description of problem: SELinux AVC during installation on tomcat user /usr/share/tomcat/.pki directory. The Installation finishes successfully and also after the installation the directory /usr/share/tomcat/.pki. does also not exists Version-Release number of selected component (if applicable): Satellite 6.11.2 How reproducible: The alert is reproducible when the installer is re-run: Steps to Reproduce: 1. Re-run the below command to reproduce the issue: # satellite-installer --verbose --verbose-log-level=info Actual results: Every time the satellite installer is run an SELinux violation is reported Expected results: No SELinux violation Additional info: $ sudo grep sealert /var/log/messages | grep -v 'Activating service' Sep 16 07:21:01 li-lc-2750 setroubleshoot[103614]: SELinux is preventing /usr/lib/jvm/java-11-openjdk-11.0.16.1.1-1.el8_6.x86_64/bin/java from create access on the directory /usr/share/tomcat/.pki. For complete SELinux messages run: sealert -l 79f06cd8-7742-46e6-8384-12d2ca6c26d4 Sep 16 07:38:18 li-lc-2750 setroubleshoot[3926]: SELinux is preventing /usr/lib/jvm/java-11-openjdk-11.0.16.1.1-1.el8_6.x86_64/bin/java from create access on the directory .pki. For complete SELinux messages run: sealert -l 79f06cd8-7742-46e6-8384-12d2ca6c26d4 type=AVC msg=audit(09/16/2022 07:20:54.762:590700) : avc: denied { create } for pid=103466 comm=java name=.pki scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0