Bug #20263

closed

Missing SELinux rules for httpd on RockyLinux

Added by Félix DALLIDET about 3 years ago. Updated over 2 years ago.

Status: Released
Priority: N/A
Category: Relay server or API
Target version:
Severity: Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility: First impressions of Rudder
Effort required: Small
Priority: 87
Name check: To do
Fix check: Checked
Regression:

Description

I tried to install a Rudder server on RockyLinux. It seems to work well, but some SELinux rules are missing after the install, and this blocks inventory reception.
Error on the agent:

[root@agent1 ~]# rudder agent inventory
Rudder agent 6.2.10.release
Node uuid: 0b7a7887-567d-4c6f-ac0a-37ec5293e1da
M| State         Technique                 Component                 Key                Message
E| compliant     Common                    Compute inventory splay                      Scheduling rudder_run_inventory was correct
Start execution with config [0]

   error: Finished command related to promiser '/var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.*' -- an error occurred, returned 22
   error: Transformer '/var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.sign' => '/usr/bin/curl --tlsv1.2 --location --insecure --fail --silent --proxy '' --user rudder:rudder --upload-file /var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.sign https://server/inventories/' returned error
   error: Finished command related to promiser '/var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.*' -- an error occurred, returned 22
   error: Transformer '/var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.gz' => '/usr/bin/curl --tlsv1.2 --location --insecure --fail --silent --proxy '' --user rudder:rudder --upload-file /var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.gz https://server/inventories/' returned error
E| error         Inventory                 inventory                                    Could not send the inventory
info     Rudder agent was run on a subset of policies - not all policies were checked

## Summary #####################################################################
2 components verified in 4 directives
   => 2 components in Enforce mode
      -> 1 compliant
      -> 1 error
Execution time: 5.63s
################################################################################

In the Apache log in trace mode:

[Mon Nov 15 14:55:57.065704 2021] [rewrite:trace1] [pid 27392:tid 139934463620864] mod_rewrite.c(482): [client 192.168.3.3:55720] 192.168.3.3 - - [server/sid#55fd7f105cd0][rid#7f45100499e0/initial] pass through /inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.gz
[Mon Nov 15 14:55:57.068923 2021] [dav:error] [pid 27392:tid 139934463620864] [client 192.168.3.3:55720] Unable to PUT new contents for /inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.gz.  [403, #0]
[Mon Nov 15 14:55:57.068934 2021] [dav:error] [pid 27392:tid 139934463620864] (13)Permission denied: [client 192.168.3.3:55720] An error occurred while opening a resource.  [500, #0]
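
The pattern in the Apache log above (a failed WebDAV PUT followed by `(13)Permission denied` from the same worker thread and client) can be pulled out of a larger error log automatically. This is an added triage example, not part of the original report or of Rudder's code; the function name `find_dav_eacces` and the last two sample lines are constructed for illustration.

```python
import re

# Apache 2.4 error-log prefix; "(13)Permission denied: " is the optional
# OS error status that precedes the [client ...] field.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[(?P<module>\w+):(?P<level>\w+)\] "
    r"\[pid (?P<pid>\d+):tid (?P<tid>\d+)\] "
    r"(?:\((?P<errno>\d+)\)(?P<errstr>[^:]+): )?"
    r"\[client (?P<client>[^\]]+)\] (?P<msg>.*)"
)
PUT_RE = re.compile(r"Unable to PUT new contents for (\S+)\.\s+\[(\d+), #\d+\]")

def find_dav_eacces(lines):
    """Pair each failed WebDAV PUT with a following errno 13 from the same worker."""
    pending = {}   # (pid, tid, client) -> (timestamp, path, status) of last failed PUT
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["module"] != "dav":
            continue
        key = (m["pid"], m["tid"], m["client"])
        put = PUT_RE.search(m["msg"])
        if put:
            pending[key] = (m["ts"], put.group(1), int(put.group(2)))
        elif m["errno"] == "13" and key in pending:
            ts, path, status = pending.pop(key)
            findings.append({"time": ts, "client": m["client"],
                             "path": path, "http_status": status})
    return findings

# The first two lines are the dav:error lines from the report above.
# The last two are constructed: a failed PUT with a different cause (errno 2).
SAMPLE = [
    "[Mon Nov 15 14:55:57.068923 2021] [dav:error] [pid 27392:tid 139934463620864] [client 192.168.3.3:55720] Unable to PUT new contents for /inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.gz.  [403, #0]",
    "[Mon Nov 15 14:55:57.068934 2021] [dav:error] [pid 27392:tid 139934463620864] (13)Permission denied: [client 192.168.3.3:55720] An error occurred while opening a resource.  [500, #0]",
    "[Mon Nov 15 14:56:02.101010 2021] [dav:error] [pid 27392:tid 139934463620999] [client 192.168.3.4:40112] Unable to PUT new contents for /inventories/constructed-node.ocs.gz.  [409, #0]",
    "[Mon Nov 15 14:56:02.101055 2021] [dav:error] [pid 27392:tid 139934463620999] (2)No such file or directory: [client 192.168.3.4:40112] An error occurred while opening a resource.  [500, #0]",
]

if __name__ == "__main__":
    for finding in find_dav_eacces(SAMPLE):
        print(finding)
```

A hit only shows that the kernel refused the open. On an SELinux-enforcing server, `ausearch -m AVC -c httpd` shows whether the refusal came from policy rather than from file ownership or mode.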
