Created attachment 524245
audit.log entries from luci start to client connection failure

Description of problem:
When luci is started with selinux enforcing mode on, connecting to luci port with a browser results in Internal Server Error. It looks like luci is unable to create a directory structure under /var/run/luci/sessions upon initiating a user connection. audit.log fills with these messages:

type=AVC msg=audit(1316622511.915:47850): avc: denied { create } for pid=5845 comm="paster" name="container_file" scontext=unconfined_u:system_r:piranha_web_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1316622511.915:47850): arch=c000003e syscall=83 success=no exit=-13 a0=7fc7b008f170 a1=1e8 a2=7fc7cd51ddc8 a3=7fc7bd860e78 items=0 ppid=1 pid=5845 auid=0 uid=141 gid=141 euid=141 suid=141 fsuid=141 egid=141 sgid=141 fsgid=141 tty=(none) ses=1 comm="paster" exe="/usr/bin/python" subj=unconfined_u:system_r:piranha_web_t:s0 key=(null)

Version-Release number of selected component (if applicable):
luci-0.23.0-28.el6
selinux-policy-3.7.19-111

How reproducible:
Always

Steps to Reproduce:
1. update to latest 6.2 packages
2. make sure selinux is in Enforcing mode
3. start luci
4. open the desired URL in any browser

Actual results:
Internal Server Error

Expected results:
Luci shows the login page.

Additional info:
See the attached log. First three entries appear when luci is starting, but do not seem to be fatal. The rest is added after a user initiates a connection
/var/run/luci is mislabeled.

restorecon -R -v /var/run/luci

Whatever process/init script that is creating this directory has to fix the label after its creation.
*** This bug has been marked as a duplicate of bug 737635 ***
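
The denial quoted in the report can be triaged mechanically. The following is an added example, not part of the original bug report or of luci: it pairs the AVC and SYSCALL records by audit event serial and flags a target type that is still generic. The function names and the GENERIC_TYPES list are assumptions made for this illustration.

```python
import re

# The two records quoted in the report, embedded so the example runs offline
# (tclass spelled as auditd emits it).
SAMPLE = """\
type=AVC msg=audit(1316622511.915:47850): avc: denied { create } for pid=5845 comm="paster" name="container_file" scontext=unconfined_u:system_r:piranha_web_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1316622511.915:47850): arch=c000003e syscall=83 success=no exit=-13 a0=7fc7b008f170 a1=1e8 a2=7fc7cd51ddc8 a3=7fc7bd860e78 items=0 ppid=1 pid=5845 auid=0 uid=141 gid=141 euid=141 suid=141 fsuid=141 egid=141 sgid=141 fsgid=141 tty=(none) ses=1 comm="paster" exe="/usr/bin/python" subj=unconfined_u:system_r:piranha_web_t:s0 key=(null)
"""

HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):\s*(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
# Assumption: generic types that hint a path never got its policy-defined
# label. A new directory inherits its parent's type unless policy says otherwise.
GENERIC_TYPES = {"var_run_t", "var_t", "tmp_t", "default_t", "unlabeled_t"}

def parse_events(text):
    """Group audit records by event serial: {serial: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            p = PERMS.search(body)
            fields["perms"] = p.group(1).split() if p else []
        events.setdefault(serial, {})[rtype] = fields
    return events

def summarize(text):
    """One summary dict per denied event, merging AVC and SYSCALL details."""
    out = []
    for serial, recs in parse_events(text).items():
        if "AVC" not in recs:
            continue
        avc, sc = recs["AVC"], recs.get("SYSCALL", {})
        # arch c000003e is x86_64, where syscall 83 is mkdir(path, mode).
        is_mkdir = sc.get("arch") == "c000003e" and sc.get("syscall") == "83"
        ttype = avc["tcontext"].split(":")[2]
        out.append({
            "serial": serial, "perms": avc["perms"], "tclass": avc.get("tclass"),
            "source_type": avc["scontext"].split(":")[2], "target_type": ttype,
            "syscall": "mkdir" if is_mkdir else sc.get("syscall"),
            "mode": oct(int(sc["a1"], 16)) if is_mkdir else None,  # a1 is hex
            "generic_target": ttype in GENERIC_TYPES,
        })
    return out
```

For the quoted event this reports piranha_web_t denied create on a dir typed var_run_t during a mkdir with mode 0o750, consistent with the mislabeled /var/run/luci diagnosis in the comment above.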