Bug 507499
Summary: | Puppet Appears To Cause ifconfig_t errors in Selinux When Host Runs Enforcing Mode | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bob Cochran <cochranb> | ||||
Component: | puppet | Assignee: | Jeroen van Meeuwen <vanmeeuwen+fedora> | ||||
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 11 | CC: | dwalsh, k.georgiou, tmz, vanmeeuwen+fedora | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2009-06-24 14:29:10 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Bob Cochran
2009-06-23 01:28:00 UTC
Created attachment 349023 [details]
Text of sealert related to this bug
You can add these rules now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.6.12-57.fc11 Dan, thanks a lot. Here is what I did on two different machines (my puppetmaster server and a second Fedora 11, i386 machine acting mainly as a puppet client right now:) [root@deafeng3 ~]# grep avc /var/log/audit/audit.log | audit2allow -M mypol ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i mypol.pp [root@deafeng3 ~]# semodule -i mypol.pp [root@deafeng3 ~]# I believe these messages in /var/log/messages might be related to the above: Jun 23 22:04:01 deafeng3 dbus: Can't send to audit system: USER_AVC avc: received policyload notice (seqno=2)#012: exe="?" (sauid=81, hostname=?, addr=?, terminal=?) Jun 23 22:04:01 deafeng3 dbus: avc: received policyload notice (seqno=2) Jun 23 22:04:01 deafeng3 dbus: Reloaded configuration The above is for my puppetmaster server machine. On the client machine, I got the same messages, but the 'recieved policyload notice' message appeared first followed by the 'Can't send to audit system' message followed by the 'Reloaded configuration' message. I'll keep an eye out for the avc denial messages and report any that show up. Hopefully I can return both machines to enforcing mode. Bob I believe this is resolved then? If not, please reopen. Thanks! I believe this is resolved then? If not, please reopen. Thanks! |