Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1154365

Summary: SELinux context of /etc/sysconfig/iptables after a default installation of RHEV-H 7.0 affects registration
Product: [oVirt] otopi Reporter: Ranjith Rajaram <rrajaram>
Component: CoreAssignee: Alon Bar-Lev <alonbl>
Status: CLOSED DUPLICATE QA Contact: Pavel Stehlik <pstehlik>
Severity: low Docs Contact:
Priority: low    
Version: 1.0.0CC: bazulay, bugs, dougsland, ecohen, gklein, iheim, lsurette, rbalakri, Rhev-m-bugs, yeylon
Target Milestone: ---Flags: rrajaram: devel_ack?
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-19 11:19:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
host deploy logs none

Description Ranjith Rajaram 2014-10-19 10:33:33 UTC 
Created attachment 948219 [details]
host deploy logs

Description of problem:

While trying to register RHEVH 7.0 Build from RHEVM 3.5 Beta, I get the following error in the logs


2014-10-19 10:17:46 DEBUG otopi.plugins.otopi.services.systemd plugin.execute:866 execute-output: ('/bin/systemctl', 'start', 'iptables.service') stderr:
Job for iptables.service failed. See 'systemctl status iptables.service' and 'journalctl -xn' for details.

2014-10-19 10:17:46 DEBUG otopi.context context._executeMethod:152 method exception
Traceback (most recent call last):
  File "/tmp/ovirt-At0B3kYt5E/pythonlib/otopi/context.py", line 142, in _executeMethod
    method['method']()
  File "/tmp/ovirt-At0B3kYt5E/otopi-plugins/otopi/network/iptables.py", line 118, in _closeup
    self.services.state('iptables', True)
  File "/tmp/ovirt-At0B3kYt5E/otopi-plugins/otopi/services/systemd.py", line 138, in state
    'start' if state else 'stop'
  File "/tmp/ovirt-At0B3kYt5E/otopi-plugins/otopi/services/systemd.py", line 77, in _executeServiceCommand
    raiseOnError=raiseOnError
  File "/tmp/ovirt-At0B3kYt5E/pythonlib/otopi/plugin.py", line 871, in execute
    command=args[0],
RuntimeError: Command '/bin/systemctl' failed to execute

Attached: ovirt-20141019154746-192.168.0.19-5d2306b4.log

In the hypervisor following messages is noticed

Can't open /etc/sysconfig/iptables: Permission denied

SElinux context of the file /etc/sysconfig/iptables is unconfined_u:object_r:user_tmpfs_t:s0

Ideally the context should be unconfined_u:object_r:system_conf_t:s0

Executing restorecon fixes this issue 

[root@19 ~]# restorecon -Rv /etc/sysconfig/iptables
restorecon reset /etc/sysconfig/iptables context unconfined_u:object_r:user_tmpfs_t:s0->unconfined_u:object_r:system_conf_t:s

But the registration still fails with the problem described in BZ https://bugzilla.redhat.com/show_bug.cgi?id=1128033 #24


Version-Release number of selected component (if applicable):
RHEV-H 7.0 build 20141006.0el7ev

How reproducible:
Always

Steps to Reproduce:
1. Try to register the RHEVH 7.0 from RHEVM 3.5 beta
2.
3.

Actual results:

Registration fails with the message "RuntimeError: Command '/bin/systemctl' failed to execute"

Expected results:

Registration should succeed 

Additional info:
Comment 1 Alon Bar-Lev 2014-10-19 11:18:33 UTC 
already solved in otopi-1.3.0, please repopen if you are using it.

why is this bug marked private?
Comment 2 Alon Bar-Lev 2014-10-19 11:19:35 UTC 

*** This bug has been marked as a duplicate of bug 1146689 ***