We want our SELinux team to start improving Puppet policy. It is a
little bit messy at the moment.
LZ
On Thu, Sep 26, 2013 at 12:02:31PM +0200, Lukas Zapletal wrote:
> Hey,
>
> I noticed that the 1.3 version (and develop as well) is not starting up
> properly due to passenger/puppetmaster issues and SELinux.
>
> The workaround is to turn SELinux off or add extra audit rules manually.
>
> [root@hp-dl585g5-01 foreman]# grep AVC /var/log/audit/audit.log | audit2allow
>
> #============= httpd_t ==============
> allow httpd_t puppet_etc_t:dir { search getattr };
>
> #!!!! This avc can be allowed using the boolean 'httpd_can_network_connect'
> allow httpd_t puppet_port_t:tcp_socket name_connect;
>
> #============= passenger_t ==============
> allow passenger_t init_t:unix_stream_socket { getattr ioctl };
>
> [root@hp-dl585g5-01 foreman]# rpm -q selinux-policy mod_passenger foreman
> selinux-policy-3.12.1-74.4.fc19.noarch
> mod_passenger-3.0.21-4.fc19.x86_64
> foreman-1.3.0-0.2.RC2.fc19.noarch
>
> Please report if you are able to reproduce.
>
> --
> Later,
>
> Lukas "lzap" Zapletal
> irc: lzap #theforeman
>
> --
> You received this message because you are subscribed to the Google Groups "foreman-dev" group.
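
How AVC denials like these turn into the allow rules quoted in the report, as an added example (not part of the original message or of Foreman's code): a small Python parser that groups denial records by source domain so each rule can be reviewed before it goes into a local policy module. The log lines are constructed for illustration, and permissions are printed sorted, so their order can differ from audit2allow's.

```python
import re
from collections import defaultdict

# Constructed AVC records (pids, inodes, timestamps invented); the types and
# permissions mirror the audit2allow output quoted in the message.
SAMPLE_LOG = """\
type=AVC msg=audit(1380189700.101:301): avc:  denied  { search } for  pid=2101 comm="httpd" name="puppet" dev="dm-1" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=dir
type=AVC msg=audit(1380189700.102:302): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/etc/puppet" dev="dm-1" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=dir
type=AVC msg=audit(1380189700.103:303): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=8140 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1380189700.104:304): avc:  denied  { getattr } for  pid=2202 comm="ruby" scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1380189700.105:305): avc:  denied  { ioctl } for  pid=2202 comm="ruby" scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1380189700.103:303): arch=c000003e syscall=42 success=no exit=-13 comm="httpd" subj=system_u:system_r:httpd_t:s0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    # user:role:type:level -> type (the level part may contain more colons)
    return context.split(":")[2]

def collect_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL, PATH and other record types
        m = AVC_RE.search(line)
        if m:
            key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
            denials[key].update(m["perms"].split())
    return denials

def render_rules(denials):
    """Render allow rules grouped by source domain, for human review."""
    lines, current = [], None
    for (src, tgt, cls), perms in sorted(denials.items()):
        if src != current:
            lines.append("#============= %s ==============" % src)
            current = src
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ %s }" % " ".join(names)
        lines.append("allow %s %s:%s %s;" % (src, tgt, cls, perm_text))
    return lines

if __name__ == "__main__":
    print("\n".join(render_rules(collect_denials(SAMPLE_LOG))))
```

When reviewing the result, note that the `httpd_can_network_connect` boolean suggested by audit2allow lets `httpd_t` connect to any TCP port, which is broader than the single `puppet_port_t` rule.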