[Pulp-list] SELinux errors on upgrade

Briand, Sheldon Sheldon.Briand at nrc-cnrc.gc.ca
Fri May 14 17:29:10 UTC 2021 

Hi,

I recently tried to update my pulp3 install.  It was installed using the ansible installer.  I believe the original install was working because the ansible installer ran without any errors.

I never got much of chance to try it out though.  When I revisited pulp3 I saw there was an update.  I may not have run the update properly the first time.

Now when I run the installer it gets stuck checking the health of the pulp3 services and then fails.

Note that my system is running SELinux in enforcing mode.

I've looked at the logs and I'm seeing lots of permission denied messages.  Checking the SELinux logs shows:

type=AVC msg=audit(1621012482.823:159368): avc:  denied  { create } for  pid=107534 comm="rq" name="reserved-resource-worker-1.pid" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:pulpcore_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1621012483.052:159369): avc:  denied  { create } for  pid=107542 comm="rq" name="reserved-resource-worker-2.pid" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:pulpcore_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1621012486.569:159424): avc:  denied  { name_connect } for  pid=107595 comm="rq" dest=5432 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1621012488.581:159430): avc:  denied  { name_connect } for  pid=107611 comm="gunicorn" dest=5432 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1621012489.177:159435): avc:  denied  { create } for  pid=107595 comm="rq" name="resource-manager.pid" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:pulpcore_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1621012490.511:159443): avc:  denied  { read } for  pid=107611 comm="gunicorn" name="autocomplete.css" dev="sda5" ino=8390506 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:pulpcore_var_lib_t:s0 tclass=lnk_file permissive=0

Not sure if this is something I did or if these logs might help debug anything.

Thanks,
-Sheldon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20210514/e27e16e2/attachment.htm>

More information about the Pulp-list mailing list