Bug 740333
| Summary: | Luci fails to create session files on selinux enforcing mode | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Radek Steiger <rsteiger> | ||||
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | Milos Malik <mmalik> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.2 | CC: | dwalsh, mmalik, rmccabe, rsteiger | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2011-09-21 19:36:57 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
/var/run/luci is mislabeled. restorecon -R -v /var/run/luci Whatever process/init script that is creating this directory has to fix the label after its creation. *** This bug has been marked as a duplicate of bug 737635 *** |
Created attachment 524245 [details] audit.log entries from luci start to client connection failure Description of problem: When luci is started with selinux enforcing mode on, connecting to luci port with a browser results in Internal Server Error. It looks like luci is unable to create a directory structure under /var/run/luci/sessions upon initiating a user connection. audit.log fills with these messages: type=AVC msg=audit(1316622511.915:47850): avc: denied { create } for pid=5845 comm="paster" name="container_file" scontext=unconfined_u:system_r:piranha_web_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 t class=dir type=SYSCALL msg=audit(1316622511.915:47850): arch=c000003e syscall=83 success=no exit=-13 a0=7fc7b008f170 a1=1e8 a2=7fc7cd51ddc8 a3=7fc7bd860e78 items=0 ppid=1 pid=5845 auid=0 uid=141 gid=141 euid=141 suid=141 fsuid=141 egid=141 sgid=141 fsgid=141 tty=(none) ses=1 comm="paster" exe="/usr/bin/python" subj=unconfined_u:system_r:piranha_web_t:s0 key=(null) Version-Release number of selected component (if applicable): luci-0.23.0-28.el6 selinux-policy-3.7.19-111 How reproducible: Always Steps to Reproduce: 1. update to latest 6.2 packages 2. make sure selinux is in Enforcing mode 3. start luci 4. open the desired URL in any browser Actual results: Internal Server Error Expected results: Luci shows the login page. Additional info: See the attached log. First three entries appear when luci is starting, but do not seem to be fatal. The rest is added after a user initiates a connection