Bug 732486

Summary: Puppet-server SELinux denials
Product: [Fedora] Fedora EPEL
Reporter: Erinn Looney-Triggs <erinn.looneytriggs>
Component: puppet
Assignee: Jeroen van Meeuwen <vanmeeuwen+fedora>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: el6
CC: k.georgiou, ktdreyer, tmz, vanmeeuwen+fedora
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-08-22 16:42:08 UTC

Description Erinn Looney-Triggs 2011-08-22 16:06:08 UTC
Description of problem:

rpm -q puppet-server
puppet-server-2.6.6-1.el6.noarch

sudo service puppetmaster restart
Stopping puppetmaster:
Starting puppetmaster: 
puppetmasterd/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:101:in
`register_xmlrpc': uninitialized constant Puppet::Network::Handler
(NameError)
        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:100:in
`each'
        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:100:in
`register_xmlrpc'
        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:68:in
`initialize'
        from
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in `new'
        from
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in `main'
        from
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:46:in `run_command'
        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in
`exit_on_fail'
        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
        from /usr/sbin/puppetmasterd:4

And then a slew of SELinux errors:
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.587:15661): item=1
name=(null) inode=1 dev=00:00 mode=040755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:sysfs_t:s0
node=example.com type=PATH msg=audit(1314027487.587:15661): item=0
name="./sys/admin.rb"
node=example.com type=CWD msg=audit(1314027487.587:15661):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.587:15661):
arch=c000003e syscall=4 success=no exit=-13 a0=7fdbe8bbb780
a1=7fffadb95820 a2=7fffadb95820 a3=a items=2 ppid=21923 pid=21924
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts5 ses=1001 comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.587:15661): avc:  denied 
{ search } for  pid=21924 comm="puppetmasterd" name="/" dev=sysfs ino=1
scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.588:15662): item=1
name=(null) inode=1 dev=00:00 mode=040755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:sysfs_t:s0
node=example.com type=PATH msg=audit(1314027487.588:15662): item=0
name="./sys/admin.so"
node=example.com type=CWD msg=audit(1314027487.588:15662):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.588:15662):
arch=c000003e syscall=4 success=no exit=-13 a0=7fdbe8bbb780
a1=7fffadb95820 a2=7fffadb95820 a3=a items=2 ppid=21923 pid=21924
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts5 ses=1001 comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.588:15662): avc:  denied 
{ search } for  pid=21924 comm="puppetmasterd" name="/" dev=sysfs ino=1
scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.832:15663): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.832:15663):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.832:15663):
arch=c000003e syscall=4 success=no exit=-13 a0=c65090 a1=7fffadb72020
a2=7fffadb72020 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.832:15663): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.839:15664): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.839:15664):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.839:15664):
arch=c000003e syscall=4 success=no exit=-13 a0=c271f0 a1=7fffadb71fd0
a2=7fffadb71fd0 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.839:15664): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.842:15665): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.842:15665):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.842:15665):
arch=c000003e syscall=4 success=no exit=-13 a0=fe0cc0 a1=7fffadb66a50
a2=7fffadb66a50 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.842:15665): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.844:15666): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.844:15666):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.844:15666):
arch=c000003e syscall=4 success=no exit=-13 a0=94ee50 a1=7fffadb59300
a2=7fffadb59300 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.844:15666): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.847:15667): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.847:15667):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.847:15667):
arch=c000003e syscall=4 success=no exit=-13 a0=d4c5f0 a1=7fffadb5a270
a2=7fffadb5a270 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.847:15667): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.848:15668): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.848:15668):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.848:15668):
arch=c000003e syscall=4 success=no exit=-13 a0=aa8d80 a1=7fffadb56c00
a2=7fffadb56c00 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.848:15668): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
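
The eight audit events in the description repeat two distinct denials. The following Python is an added example, not part of the original report: it collapses wrapped `ausearch` output into one row per source type, target type, class and permission. The function name `summarize` and the trimmed sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: three events trimmed from the report's ausearch output,
# keeping its hard line wraps (one record spans several physical lines).
SAMPLE = """----
node=example.com type=PATH msg=audit(1314027487.587:15661): item=0
name="./sys/admin.rb"
node=example.com type=AVC msg=audit(1314027487.587:15661): avc:  denied
{ search } for  pid=21924 comm="puppetmasterd" name="/" dev=sysfs ino=1
scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
----
node=example.com type=AVC msg=audit(1314027487.832:15663): avc:  denied
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
node=example.com type=AVC msg=audit(1314027487.839:15664): avc:  denied
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
"""

AVC = re.compile(r'avc:\s+denied\s+\{\s*([^}]+?)\s*\}\s+for\s+(.*?)'
                 r'scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')
ITEM0 = re.compile(r'type=PATH\b[^"]*?item=0\s+name="([^"]*)"')

def summarize(text):
    """Group AVC denials by (source type, target type, class, permission)."""
    groups = defaultdict(lambda: {"count": 0, "objects": set()})
    for event in text.split("----"):
        flat = " ".join(event.split())  # undo the hard wraps within one event
        m = AVC.search(flat)
        if not m:
            continue
        perms, fields, scon, tcon, tclass = m.groups()
        # Prefer the AVC path=; otherwise the PATH item=0 name the syscall was given.
        obj = re.search(r'\bpath="([^"]*)"', fields) or ITEM0.search(flat)
        base = (scon.split(":")[2], tcon.split(":")[2], tclass)  # user:role:type:level
        for perm in perms.split():
            g = groups[base + (perm,)]
            g["count"] += 1
            if obj:
                g["objects"].add(obj.group(1))
    return dict(groups)

for (src, tgt, cls, perm), g in sorted(summarize(SAMPLE).items()):
    print(f"{g['count']}x {src} -> {tgt}:{cls} {{ {perm} }} {sorted(g['objects'])}")
```

Run over the full log in the description, it yields the same two rows with counts 2 (sysfs_t search) and 6 (passwd_exec_t getattr).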

Comment 1 Todd Zullinger 2011-08-22 16:42:08 UTC

*** This bug has been marked as a duplicate of bug 718390 ***