Project

General

Profile

Actions

Bug #16646

closed

missing selinux label

Added by Florian Heigl about 4 years ago. Updated almost 4 years ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
Packaging
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
First impressions of Rudder
Effort required:
Priority:
78
Name check:
To do
Fix check:
To do
Regression:

Description

Problem

Rudder 6.0.2 master on Centos7 with SELinux enabled will not be able to send its own inventory.

E| error Inventory inventory Could not retrieve the UUID of the policy server. Please check that the defined Policy Server exists, and that this Node IP address is in the Allowed Networks of its policy server.

[root@cfgmgmtcamp-ruddermaster ~]# /opt/rudder/bin/curl --tlsv1.2 --location --insecure --fail --proxy '' --output "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://127.0.0.1/uuid
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 403 Forbidden

definitive error message to identify this problem:

[Wed Jan 29 20:20:39.696083 2020] [core:error] [pid 15281] (13)Permission denied: [client 127.0.0.1:41182] AH00035: access to /uuid denied (filesystem path '/opt/rudder/etc/uuid.hive') because search permissions are missing on a component of the path

solution:
chcon -t httpd_sys_content_t /opt/rudder/etc/uuid.hive

might be provoked by having separate filesystems
/dev/mapper/vgdata-lvvarrudder 10G 155M 9.9G 2% /var/rudder
/dev/mapper/vgdata-lvvarpgsql 10G 77M 10G 1% /var/lib/pgsql
/dev/mapper/vgdata-lvoptrudder 5.0G 207M 4.8G 5% /opt/rudder
/dev/mapper/vgdata-lvvarlogrudder 10G 33M 10G 1% /var/log/rudder
/dev/mapper/vgdata-lvvarldap 10G 33M 10G 1% /var/rudder/ldap

Actions

Also available in: Atom PDF