Actions
Bug #14551
closed
Remote run is broken on centos7 because of selinux
Pull Request:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority:
43
Name check:
Fix check:
Regression:
Description
This happened on rudder 5.0, but it looks like it's not specific to that version of Rudder.
Maybe linked to #14391 (found in the same use case).
[root@server vagrant]# curl -X POST 'http://localhost/rudder/relay-api/remote-run/nodes' -d "asynchronous=false" -d "keep_output=true" -d "nodes=a81c4150-974f-4155-a9b9-3cd2c38dbf96" a81c4150-974f-4155-a9b9-3cd2c38dbf96:sudo: unable to open audit system: Permission denied a81c4150-974f-4155-a9b9-3cd2c38dbf96:sudo: pam_open_session: System error a81c4150-974f-4155-a9b9-3cd2c38dbf96:sudo: policy plugin failed session initialization
It's SELinux related, because with "setenforce 0", the remote run is correctly started - so perhaps linked to rudder version after all.
journalctl logs are:
server sudo[11520]: rudder : TTY=unknown ; PWD=/var/rudder ; USER=root ; COMMAND=/opt/rudder/bin/rudder remote run agent1.rudder.local server sudo[11520]: PAM audit_open() failed: Permission denied server sudo[11520]: PAM audit_open() failed: Permission denied server sudo[11520]: rudder : pam_open_session: System error ; TTY=unknown ; PWD=/var/rudder ; USER=root ; COMMAND=/opt/rudder/bin/rudder remote run agent1.rudder.local server sudo[11520]: PAM audit_open() failed: Permission denied
Updated by 
Updated by 
Updated by
Actions