Description of problem: When installing Foreman/Staypuft networkings setup fails due to dhcpd service not starting Version-Release number of selected component (if applicable): rhel-osp-installer-0.3.6-1.el6ost.noarch How reproducible: 100% on 2 tries Steps to Reproduce: 1. Clean RHEL6.5 install 2. yum install rhel-osp-installer 3. Actual results: [ERROR 2014-10-10 22:07:31 main] Repeating errors encountered during run: [ERROR 2014-10-10 22:07:31 main] Could not start Service[dhcpd]: Execution of '/sbin/service dhcpd start' returned 1: Starting dhcpd: [FAILED] [ERROR 2014-10-10 22:07:31 main] /Stage[main]/Dhcp/Service[dhcpd]/ensure: change from stopped to running failed: Could not start Service[dhcpd]: Execution of '/sbin/service dhcpd start' returned 1: Starting dhcpd: [FAILED] Expected results: install correctly Additional info: type=AVC msg=audit(1412993243.527:416): avc: denied { chown } for pid=5194 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability type=SYSCALL msg=audit(1412993243.527:416): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=5193 pid=5194 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=28 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null) Workaround setenforce 0, dhcpd starts, and installer finishes on next run.
What version of selinux-policy and foreman-selinux are installed?
I see the same problem here. selinux-policy-3.7.19-231.el6.noarch foreman-selinux-1.6.0.14-1.el6sat.noarch
allow dhcpd_t self:capability chown; This already exists in rhel7. It just needs to be added to rhel6.
Which version of the dhcp package are you using? I believe you can do this by installing RHEL 6.5, registering to 6Server, not updating, and then installing dhcp which grabs the latest 6.6 package with selinux-policy-3.7.19-260.el6.noarch: #!!!! This avc is allowed in the current policy allow dhcpd_t self:capability chown; Really the bug in my opinion is that the dhcp package doesn't require a new enough selinux-policy package
*** Bug 1158941 has been marked as a duplicate of this bug. ***
commit 30d7c568dcf280caa308292bdc8f00eff9b29eab Author: Lukas Vrabec <lvrabec> Date: Tue Apr 29 12:16:30 2014 +0200 Added chown capability to dhcpd_t domain
Closing list of bugs for RHEL OSP Installer since its support cycle has already ended [0]. If there is some bug closed by mistake, feel free to re-open. For new deployments, please, use RHOSP director (starting with version 7). -- Jaromir Coufal -- Sr. Product Manager -- Red Hat OpenStack Platform [0] https://access.redhat.com/support/policy/updates/openstack/platform