Actions
Bug #18078
open
SELinux error for relayd search access on krb5 on centos 8
Pull Request:
Severity:
Trivial - no functional impact | cosmetic
UX impact:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Priority:
15
Name check:
To do
Fix check:
To do
Regression:
Description
Jul 31 06:05:44 server setroubleshoot[12830]: SELinux is preventing /opt/rudder/bin/rudder-relayd from search access on the directory krb5. For complete SELinux messages run: sealert -l 07e5b566-8a9d-4635-965f-22c336cc3c99
Jul 31 06:05:44 server platform-python[12830]: SELinux is preventing /opt/rudder/bin/rudder-relayd from search access on the directory krb5.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that rudder-relayd should be allowed search access on the krb5 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'r2d2-worker-1' --raw | audit2allow -M my-r2d2worker1
# semodule -X 300 -i my-r2d2worker1.pp
Files
Updated by
Updated by Vincent MEMBRÉ over 3 years ago
- Related to Bug #18070: Broken relay postinst due to missing shared-folder added
Updated by Alexis Mousset over 3 years ago
This one should have been fixed by #17518
Updated by Alexis Mousset over 3 years ago
- Related to Bug #17518: postgresl client in relayd tries to read krb conf added
Updated by
Updated by Alexis Mousset about 2 years ago
Reproducible on root server on CentOS8 with 7.0:
type=AVC msg=audit(1643129873.676:3886): avc: denied { search } for pid=20078 comm="r2d2-worker-2" name="krb5" dev="dm-0" ino=101155011 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=system_u:object_r:krb5_keytab_t:s0 tclass=dir permissive=0
Updated by Alexis Mousset about 2 years ago
- Severity set to Trivial - no functional impact | cosmetic
- User visibility set to Infrequent - complex configurations | third party integrations
- Priority changed from 0 to 15
Actions