Bug 732486 - Puppet-server SELinux denials
Summary: Puppet-server SELinux denials
Keywords:
Status: CLOSED DUPLICATE of bug 718390
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: puppet
Version: el6
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Jeroen van Meeuwen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2011-08-22 16:06 UTC by Erinn Looney-Triggs
Modified: 2011-08-22 16:42 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-22 16:42:08 UTC



Description Erinn Looney-Triggs 2011-08-22 16:06:08 UTC
Description of problem:

rpm -q puppet-server
puppet-server-2.6.6-1.el6.noarch

sudo service puppetmaster restart
Stopping puppetmaster:
Starting puppetmaster: 
puppetmasterd/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:101:in
`register_xmlrpc': uninitialized constant Puppet::Network::Handler
(NameError)
        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:100:in
`each'
        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:100:in
`register_xmlrpc'
        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:68:in
`initialize'
        from
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in `new'
        from
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in `main'
        from
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:46:in `run_command'
        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in
`exit_on_fail'
        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
        from /usr/sbin/puppetmasterd:4

And then a slew of SELinux errors:
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.587:15661): item=1
name=(null) inode=1 dev=00:00 mode=040755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:sysfs_t:s0
node=example.com type=PATH msg=audit(1314027487.587:15661): item=0
name="./sys/admin.rb"
node=example.com type=CWD msg=audit(1314027487.587:15661):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.587:15661):
arch=c000003e syscall=4 success=no exit=-13 a0=7fdbe8bbb780
a1=7fffadb95820 a2=7fffadb95820 a3=a items=2 ppid=21923 pid=21924
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts5 ses=1001 comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.587:15661): avc:  denied 
{ search } for  pid=21924 comm="puppetmasterd" name="/" dev=sysfs ino=1
scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.588:15662): item=1
name=(null) inode=1 dev=00:00 mode=040755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:sysfs_t:s0
node=example.com type=PATH msg=audit(1314027487.588:15662): item=0
name="./sys/admin.so"
node=example.com type=CWD msg=audit(1314027487.588:15662):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.588:15662):
arch=c000003e syscall=4 success=no exit=-13 a0=7fdbe8bbb780
a1=7fffadb95820 a2=7fffadb95820 a3=a items=2 ppid=21923 pid=21924
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts5 ses=1001 comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.588:15662): avc:  denied 
{ search } for  pid=21924 comm="puppetmasterd" name="/" dev=sysfs ino=1
scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.832:15663): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.832:15663):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.832:15663):
arch=c000003e syscall=4 success=no exit=-13 a0=c65090 a1=7fffadb72020
a2=7fffadb72020 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.832:15663): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.839:15664): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.839:15664):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.839:15664):
arch=c000003e syscall=4 success=no exit=-13 a0=c271f0 a1=7fffadb71fd0
a2=7fffadb71fd0 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.839:15664): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.842:15665): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.842:15665):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.842:15665):
arch=c000003e syscall=4 success=no exit=-13 a0=fe0cc0 a1=7fffadb66a50
a2=7fffadb66a50 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.842:15665): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.844:15666): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.844:15666):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.844:15666):
arch=c000003e syscall=4 success=no exit=-13 a0=94ee50 a1=7fffadb59300
a2=7fffadb59300 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.844:15666): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.847:15667): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.847:15667):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.847:15667):
arch=c000003e syscall=4 success=no exit=-13 a0=d4c5f0 a1=7fffadb5a270
a2=7fffadb5a270 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.847:15667): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.848:15668): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.848:15668):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.848:15668):
arch=c000003e syscall=4 success=no exit=-13 a0=aa8d80 a1=7fffadb56c00
a2=7fffadb56c00 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.848:15668): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
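
A triage aid for the audit output above, added here as an example and not part of the original report: it un-wraps ausearch-style text, extracts each AVC denial, and collapses repeats into unique (source type, target type, class, permission) tuples. `SAMPLE` is abridged from the report's own records; the function names are this example's own.

```python
import re
from collections import Counter

# Three AVC records abridged from the report above, wrapped as pasted.
SAMPLE = """\
node=example.com type=AVC msg=audit(1314027487.587:15661): avc:  denied
{ search } for  pid=21924 comm="puppetmasterd" name="/" dev=sysfs ino=1
scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
----
node=example.com type=AVC msg=audit(1314027487.832:15663): avc:  denied
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
node=example.com type=AVC msg=audit(1314027487.839:15664): avc:  denied
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<body>.*?)"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def parse_denials(text):
    """Yield one dict per AVC denial; contexts are user:role:type:level."""
    flat = " ".join(text.split())  # undo the line wrapping first
    for m in AVC_RE.finditer(flat):
        obj = re.search(r'\b(?:path|name)="([^"]*)"', m.group("body"))
        yield {
            "source": m.group("scon").split(":")[2],
            "target": m.group("tcon").split(":")[2],
            "tclass": m.group("tclass"),
            "perms": tuple(m.group("perms").split()),
            "object": obj.group(1) if obj else None,
        }

def summarize(text):
    """Count denials per unique (source, target, class, perms) tuple."""
    return Counter(
        (d["source"], d["target"], d["tclass"], d["perms"])
        for d in parse_denials(text)
    )

if __name__ == "__main__":
    for (src, tgt, cls, perms), n in summarize(SAMPLE).most_common():
        print(f"{n}x {src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```

Run over the full paste, the same grouping shows which distinct accesses `puppetmaster_t` was denied, which is the list to review against the policy rather than the raw event count.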

Comment 1 Todd Zullinger 2011-08-22 16:42:08 UTC

*** This bug has been marked as a duplicate of bug 718390 ***

