Bug 1160796
| Summary: | avc:denied when syncing repos with proxy | ||
|---|---|---|---|
| Product: | [Retired] Pulp | Reporter: | Preethi Thomas <pthomas> |
| Component: | z_other | Assignee: | Brian Bouterse <bmbouter> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Preethi Thomas <pthomas> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 2.5 | CC: | austin, igulina, mhrivnak |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | 2.5.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-11-24 21:33:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
PR available at: https://github.com/pulp/pulp/pull/1289 Merged to 2.5-testing -> 2.5-dev -> master verified [root@cloud-qe-21 ~]# rpm -qa pulp-server pulp-server-2.5.0-0.18.rc.el6.noarch [root@cloud-qe-21 ~]# [root@cloud-qe-21 ~]# pulp-admin rpm repo create --repo-id global-proxy --feed http://yum.puppetlabs.com/el/7/dependencies/x86_64/ --proxy-host http://cloud-qe-1-vm-1.idmqe.lab.eng.bos.redhat.com --proxy-port 3128 Successfully created repository [global-proxy] [root@cloud-qe-21 ~]# pulp-admin rpm repo sync run --repo-id global-proxy +----------------------------------------------------------------------+ Synchronizing Repository [global-proxy] +----------------------------------------------------------------------+ This command may be exited via ctrl+c without affecting the request. Downloading metadata... [|] ... completed Downloading repository content... [==================================================] 100% RPMs: 10/10 items Delta RPMs: 0/0 items ... completed Downloading distribution files... [==================================================] 100% Distributions: 0/0 items ... completed Importing errata... [-] ... completed Importing package groups/categories... [-] ... completed Task Succeeded Initializing repo metadata [-] ... completed Publishing Distribution files [-] ... completed Publishing RPMs [==================================================] 100% 10 of 10 items ... completed Publishing Delta RPMs ... skipped Publishing Errata [-] ... completed Publishing Comps file [-] ... completed Publishing Metadata. [-] ... completed Closing repo metadata [-] ... completed Generating sqlite files ... skipped Publishing files to web [-] ... completed Writing Listings File [-] ... completed Task Succeeded [root@cloud-qe-21 ~]# getenforce Enforcing [root@cloud-qe-21 ~]# |
Description of problem: avc:denied when syncing repos with proxy Version-Release number of selected component (if applicable): [root@cloud-qe-19 ~]# rpm -qa pulp-server pulp-server-2.5.0-0.16.rc.el7.noarch [root@cloud-qe-19 ~]# How reproducible: Steps to Reproduce: 1.create a repo with proxy 2.with selinux enabled try to sync the repo 3. Actual results: [root@cloud-qe-19 ~]# setenforce 1 [root@cloud-qe-19 ~]# [root@cloud-qe-19 ~]# [root@cloud-qe-19 ~]# pulp-admin rpm repo sync run --repo-id pulp-unittest +----------------------------------------------------------------------+ Synchronizing Repository [pulp-unittest] +----------------------------------------------------------------------+ This command may be exited via ctrl+c without affecting the request. Downloading metadata... [-] ... failed Cannot connect to proxy. Socket error: [Errno 13] Permission denied. Task Failed Importer indicated a failed response [root@cloud-qe-19 ~]# Expected results: Additional info: From the audit.log type=AVC msg=audit(1415204202.934:1067): avc: denied { name_connect } for pid=3012 comm="celery" dest=8080 scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1415204202.934:1067): arch=c000003e syscall=42 success=no exit=-13 a0=20 a1=7fede27f9a30 a2=10 a3=e8 items=0 ppid=27918 pid=3012 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="celery" exe="/usr/bin/python2.7" subj=system_u:system_r:celery_t:s0 key=(null)