Puppet SELinux denials, anyone else seeing this

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Mon Aug 22 15:41:21 UTC 2011


Just wondered if anyone else was running into issues with puppetmaster
and SELinux:

rpm -q puppet-server
puppet-server-2.6.6-1.el6.noarch

sudo service puppetmaster restart
Stopping puppetmaster:
Starting puppetmaster: 
puppetmasterd/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:101:in
`register_xmlrpc': uninitialized constant Puppet::Network::Handler
(NameError)
        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:100:in
`each'
        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:100:in
`register_xmlrpc'
        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:68:in
`initialize'
        from
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in `new'
        from
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in `main'
        from
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:46:in `run_command'
        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in
`exit_on_fail'
        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
        from /usr/sbin/puppetmasterd:4

And then a slew of SELinux errors:
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.587:15661): item=1
name=(null) inode=1 dev=00:00 mode=040755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:sysfs_t:s0
node=example.com type=PATH msg=audit(1314027487.587:15661): item=0
name="./sys/admin.rb"
node=example.com type=CWD msg=audit(1314027487.587:15661):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.587:15661):
arch=c000003e syscall=4 success=no exit=-13 a0=7fdbe8bbb780
a1=7fffadb95820 a2=7fffadb95820 a3=a items=2 ppid=21923 pid=21924
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts5 ses=1001 comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.587:15661): avc:  denied 
{ search } for  pid=21924 comm="puppetmasterd" name="/" dev=sysfs ino=1
scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.588:15662): item=1
name=(null) inode=1 dev=00:00 mode=040755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:sysfs_t:s0
node=example.com type=PATH msg=audit(1314027487.588:15662): item=0
name="./sys/admin.so"
node=example.com type=CWD msg=audit(1314027487.588:15662):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.588:15662):
arch=c000003e syscall=4 success=no exit=-13 a0=7fdbe8bbb780
a1=7fffadb95820 a2=7fffadb95820 a3=a items=2 ppid=21923 pid=21924
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts5 ses=1001 comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.588:15662): avc:  denied 
{ search } for  pid=21924 comm="puppetmasterd" name="/" dev=sysfs ino=1
scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.832:15663): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.832:15663):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.832:15663):
arch=c000003e syscall=4 success=no exit=-13 a0=c65090 a1=7fffadb72020
a2=7fffadb72020 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.832:15663): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.839:15664): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.839:15664):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.839:15664):
arch=c000003e syscall=4 success=no exit=-13 a0=c271f0 a1=7fffadb71fd0
a2=7fffadb71fd0 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.839:15664): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.842:15665): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.842:15665):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.842:15665):
arch=c000003e syscall=4 success=no exit=-13 a0=fe0cc0 a1=7fffadb66a50
a2=7fffadb66a50 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.842:15665): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.844:15666): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.844:15666):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.844:15666):
arch=c000003e syscall=4 success=no exit=-13 a0=94ee50 a1=7fffadb59300
a2=7fffadb59300 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.844:15666): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.847:15667): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.847:15667):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.847:15667):
arch=c000003e syscall=4 success=no exit=-13 a0=d4c5f0 a1=7fffadb5a270
a2=7fffadb5a270 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.847:15667): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
time->Mon Aug 22 15:38:07 2011
node=example.com type=PATH msg=audit(1314027487.848:15668): item=0
name="/usr/bin/chage" inode=3672318 dev=fd:00 mode=0104755 ouid=0 ogid=0
rdev=00:00 obj=system_u:object_r:passwd_exec_t:s0
node=example.com type=CWD msg=audit(1314027487.848:15668):  cwd="/"
node=example.com type=SYSCALL msg=audit(1314027487.848:15668):
arch=c000003e syscall=4 success=no exit=-13 a0=aa8d80 a1=7fffadb56c00
a2=7fffadb56c00 a3=81 items=1 ppid=21923 pid=21924 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 ses=1001
comm="puppetmasterd" exe="/usr/bin/ruby"
subj=unconfined_u:system_r:puppetmaster_t:s0 key=(null)
node=example.com type=AVC msg=audit(1314027487.848:15668): avc:  denied 
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file


Anyone else? Just want to confirm before I file a bug.

Thanks,

-Erinn
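
Added example, not part of the original post: a small parser that collapses the `type=AVC` records quoted above into unique (source type, target type, class, permission) tuples, which shows that the eight events reduce to two distinct denials. The sample input is an excerpt of three of the post's records, left wrapped as the mail client wrapped them; the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of three AVC records from the post above, left wrapped the way
# the mail client wrapped them.
SAMPLE = '''\
node=example.com type=AVC msg=audit(1314027487.587:15661): avc:  denied
{ search } for  pid=21924 comm="puppetmasterd" name="/" dev=sysfs ino=1
scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
----
node=example.com type=AVC msg=audit(1314027487.832:15663): avc:  denied
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
----
node=example.com type=AVC msg=audit(1314027487.839:15664): avc:  denied
{ getattr } for  pid=21924 comm="puppetmasterd" path="/usr/bin/chage"
dev=dm-0 ino=3672318 scontext=unconfined_u:system_r:puppetmaster_t:s0
tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
'''

# DOTALL lets one match span the line breaks inside a wrapped record.
AVC_RE = re.compile(
    r'msg=audit\(\d+\.\d+:(?P<serial>\d+)\):\s+avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<body>.*?)'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)',
    re.DOTALL)
OBJ_RE = re.compile(r'\b(?:path|name)="([^"]*)"')

def se_type(context):
    return context.split(':')[2]  # user:role:type:level -> type

def summarize_denials(text):
    """Group AVC denials by (source type, target type, class, permission)."""
    summary = defaultdict(lambda: {'events': set(), 'objects': set()})
    for m in AVC_RE.finditer(text):
        obj = OBJ_RE.search(m.group('body'))
        for perm in m.group('perms').split():
            key = (se_type(m.group('scon')), se_type(m.group('tcon')),
                   m.group('tclass'), perm)
            summary[key]['events'].add(m.group('serial'))  # audit event serial
            if obj:
                summary[key]['objects'].add(obj.group(1))
    return dict(summary)

if __name__ == '__main__':
    for (src, tgt, cls, perm), info in sorted(summarize_denials(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {{ {perm} }} x{len(info['events'])} "
              f"objects={sorted(info['objects'])}")
```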



