Bug 740333 - Luci fails to create session files on selinux enforcing mode
Summary: Luci fails to create session files on selinux enforcing mode
Keywords:
Status: CLOSED DUPLICATE of bug 737635
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.2
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-21 16:55 UTC by Radek Steiger
Modified: 2012-11-23 21:07 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-21 19:36:57 UTC


Attachments (Terms of Use)
audit.log entries from luci start to client connection failure (8.36 KB, text/x-log)
2011-09-21 16:55 UTC, Radek Steiger
no flags Details

Description Radek Steiger 2011-09-21 16:55:56 UTC
Created attachment 524245 [details]
audit.log entries from luci start to client connection failure

Description of problem:

When luci is started with selinux enforcing mode on, connecting to luci port with a browser results in Internal Server Error.

It looks like luci is unable to create a directory structure under /var/run/luci/sessions upon initiating a user connection. 

audit.log fills with these messages:

type=AVC msg=audit(1316622511.915:47850): avc:  denied  { create } for  pid=5845 comm="paster" name="container_file" scontext=unconfined_u:system_r:piranha_web_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 t
class=dir
type=SYSCALL msg=audit(1316622511.915:47850): arch=c000003e syscall=83 success=no exit=-13 a0=7fc7b008f170 a1=1e8 a2=7fc7cd51ddc8 a3=7fc7bd860e78 items=0 ppid=1 pid=5845 auid=0 uid=141 gid=141 euid=141 suid=141
 fsuid=141 egid=141 sgid=141 fsgid=141 tty=(none) ses=1 comm="paster" exe="/usr/bin/python" subj=unconfined_u:system_r:piranha_web_t:s0 key=(null)



Version-Release number of selected component (if applicable):
luci-0.23.0-28.el6
selinux-policy-3.7.19-111


How reproducible:
Always


Steps to Reproduce:
1. update to latest 6.2 packages
2. make sure selinux is in Enforcing mode
3. start luci
4. open the desired URL in any browser

  
Actual results:
Internal Server Error


Expected results:
Luci shows the login page.


Additional info:
See the attached log. First three entries appear when luci is starting, but do not seem to be fatal. The rest is added after a user initiates a connection

Comment 2 Daniel Walsh 2011-09-21 17:43:11 UTC
/var/run/luci is mislabeled.

restorecon -R -v /var/run/luci

Whatever process/init script that is creating this directory has to fix the label after its creation.

Comment 3 Ryan McCabe 2011-09-21 19:36:57 UTC

*** This bug has been marked as a duplicate of bug 737635 ***


Note You need to log in before you can comment on or make changes to this bug.