Problem:
I’m trying to sync the Ubuntu 20.04 repo.
I’m not sure I have it setup correctly anyway, but along the way I noticed there seems to some selinux-settings missing.
Expected outcome:
Foreman and Proxy versions:
Foreman 2.4.0, Katello 2.4.0 on CentOS 8
Foreman and Proxy plugin versions:
Distribution and version:
Other relevant data:
May 14 16:39:22 foreman-app01-prod /SetroubleshootPrivileged.py[7081]: failed to retrieve rpm info for /var/lib/selinux/targeted/active/modules/400/pulpcore
May 14 16:39:22 foreman-app01-prod setroubleshoot[7064]: SELinux is preventing gpg from execute_no_trans access on the file /usr/bin/gpg-agent. For complete SELinux messages run: sealert -l ee1f7817-087e-4e71-985e-59e43ef46bcf
May 14 16:39:22 foreman-app01-prod setroubleshoot[7064]: SELinux is preventing gpg from execute_no_trans access on the file /usr/bin/gpg-agent.#012#012***** Plugin catchall (100. confidence) suggests *********************#012#012If you believe that gpg should be allowed execute_no_trans access on the gpg-agent file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c ‘gpg’ --raw | audit2allow -M my-gpg#012# semodule -X 300 -i my-gpg.pp#012
May 14 16:39:24 foreman-app01-prod pulpcore-api[1007]: pulp [None]: django_guid:INFO: Header Correlation-ID was not found in the incoming request. Generated new GUID: dba67ad1e414450985f705c91afca66f
May 14 16:39:25 foreman-app01-prod pulpcore-api[1007]: - - [14/May/2021:14:39:25 +0000] “GET /pulp/api/v3/tasks/1d8aef99-7d5d-4bef-bc54-6da9c542e378/ HTTP/1.1” 200 1263 “-” “OpenAPI-Generator/3.9.0/ruby”
May 14 16:39:25 foreman-app01-prod /SetroubleshootPrivileged.py[7081]: failed to retrieve rpm info for /var/lib/selinux/targeted/active/modules/400/pulpcore
May 14 16:39:25 foreman-app01-prod setroubleshoot[7064]: SELinux is preventing gpg-agent from map access on the file /usr/bin/gpg-agent. For complete SELinux messages run: sealert -l 199da6e7-d1c1-4491-9ba9-06505693e6f9
May 14 16:39:25 foreman-app01-prod setroubleshoot[7064]: SELinux is preventing gpg-agent from map access on the file /usr/bin/gpg-agent.#012#012 Plugin catchall_boolean (89.3 confidence) suggests *************#012#012If you want to allow domain to can mmap files#012Then you must tell SELinux about this by enabling the ‘domain_can_mmap_files’ boolean.#012#012Do#012setsebool -P domain_can_mmap_files 1#012#012 Plugin catchall (11.6 confidence) suggests **************************#012#012If you believe that gpg-agent should be allowed map access on the gpg-agent file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c ‘gpg-agent’ --raw | audit2allow -M my-gpgagent#012# semodule -X 300 -i my-gpgagent.pp#012
after
setsebool -P domain_can_mmap_files=1
ausearch -c ‘gpg’ --raw | audit2allow -M my-gpg
semodule -X 300 -i my-gpg.pp
I now get the error “No valid Release file found for ‘focal’.”
Sync settings are:
Upstream URL: Index of /ubuntu
Releases: focal
Components: main, multiverse, restricted, universe
Architectures: amd64
GPG Key: Ubuntu Archive Automatic Signing Key (2012) ftpmaster@ubuntu.com
(derived from here):
https://docs.orcharhino.com/or/docs/sources/usage_guides/managing_ubuntu_systems_guide.html#musg_synchronizing_content