Recently upgrade our dev environment from 2.0.1 to 2.1.0 following upgrade steps from Foreman :: Manual. now it appears SELinux is not allowing ruby access to needed files. I’ve tried relabeling the entire filesystem with no luck. I’m using my previous foreman-answers.yaml, could this be the issue? Or is foreman-selinux missing something? sealert info:
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from read access on the directory /sys/devices/system/node.
type=AVC msg=audit(1594163285.520:1624): avc: denied { read } for pid=1601 comm=“ruby” name=“node” dev=“sysfs” ino=842 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1594163285.520:1624): arch=x86_64 syscall=openat success=yes exit=ECHILD a0=ffffffffffffff9c a1=7fc48909321b a2=90800 a3=0 items=1 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163285.520:1624): cwd=/usr/share/foreman
type=PATH msg=audit(1594163285.520:1624): item=0 name=/sys/devices/system/node inode=842 dev=00:12 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sysfs_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from getattr access on the directory /var/log/foreman.
type=AVC msg=audit(1594163286.404:1679): avc: denied { getattr } for pid=1601 comm=“ruby” path="/var/log/foreman" dev=“dm-0” ino=67975302 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_log_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1594163286.404:1679): arch=x86_64 syscall=stat success=yes exit=0 a0=8dd37e8 a1=7ffe6c3b9a30 a2=7ffe6c3b9a30 a3=1 items=1 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163286.404:1679): cwd=/usr/share/foreman
type=PATH msg=audit(1594163286.404:1679): item=0 name=/usr/share/foreman/log inode=67975302 dev=fd:00 mode=040750 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_log_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from search access on the directory /var/lib/tftpboot/grub2.
type=AVC msg=audit(1594163288.364:1740): avc: denied { search } for pid=1177 comm=“sidekiq” name=“tftpboot” dev=“dm-0” ino=34573341 scontext=system_u:system_r:foreman_rails_t:s0 tcontext=system_u:object_r:tftpdir_rw_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1594163288.364:1740): avc: denied { getattr } for pid=1177 comm=“sidekiq” path="/var/lib/tftpboot/grub2" dev=“dm-0” ino=101421830 scontext=system_u:system_r:foreman_rails_t:s0 tcontext=system_u:object_r:tftpdir_rw_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1594163288.364:1740): arch=x86_64 syscall=stat success=yes exit=0 a0=892f7c8 a1=7ffcfe588f30 a2=7ffcfe588f30 a3=1 items=1 ppid=1 pid=1177 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=sidekiq exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:foreman_rails_t:s0 key=(null)
type=CWD msg=audit(1594163288.364:1740): cwd=/usr/share/foreman
type=PATH msg=audit(1594163288.364:1740): item=0 name=/var/lib/tftpboot/grub2 inode=101421830 dev=fd:00 mode=040755 ouid=995 ogid=0 rdev=00:00 obj=system_u:object_r:tftpdir_rw_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from read access on the file /sys/devices/system/node/node0/meminfo.
type=AVC msg=audit(1594163285.520:1625): avc: denied { read } for pid=1601 comm=“ruby” name=“meminfo” dev=“sysfs” ino=933 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1594163285.520:1625): avc: denied { open } for pid=1601 comm=“ruby” path="/sys/devices/system/node/node0/meminfo" dev=“sysfs” ino=933 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163285.520:1625): arch=x86_64 syscall=open success=yes exit=EAGAIN a0=7ffe6c3b6a70 a1=0 a2=1b6 a3=24 items=1 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163285.520:1625): cwd=/usr/share/foreman
type=PATH msg=audit(1594163285.520:1625): item=0 name=/sys/devices/system/node/node0/meminfo inode=933 dev=00:12 mode=0100444 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sysfs_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from getattr access on the file /sys/devices/system/node/node0/meminfo.
type=AVC msg=audit(1594163285.520:1626): avc: denied { getattr } for pid=1601 comm=“ruby” path="/sys/devices/system/node/node0/meminfo" dev=“sysfs” ino=933 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163285.520:1626): arch=x86_64 syscall=fstat success=yes exit=0 a0=b a1=7ffe6c3b68c0 a2=7ffe6c3b68c0 a3=8 items=0 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from search access on the directory /usr/share/foreman/log/production.log.
type=AVC msg=audit(1594163286.415:1681): avc: denied { search } for pid=1601 comm=“ruby” name=“foreman” dev=“dm-0” ino=67975302 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_log_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1594163286.415:1681): avc: denied { getattr } for pid=1601 comm=“ruby” path="/var/log/foreman/production.log" dev=“dm-0” ino=67975309 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_log_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163286.415:1681): arch=x86_64 syscall=stat success=yes exit=0 a0=9086310 a1=7ffe6c3b9080 a2=7ffe6c3b9080 a3=1 items=1 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163286.415:1681): cwd=/usr/share/foreman
type=PATH msg=audit(1594163286.415:1681): item=0 name=/usr/share/foreman/log/production.log inode=67975309 dev=fd:00 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_log_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from append access on the file /usr/share/foreman/log/production.log.
type=AVC msg=audit(1594163286.418:1685): avc: denied { append } for pid=1601 comm=“ruby” name=“production.log” dev=“dm-0” ino=67975309 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1594163286.418:1685): avc: denied { open } for pid=1601 comm=“ruby” path="/var/log/foreman/production.log" dev=“dm-0” ino=67975309 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_log_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163286.418:1685): arch=x86_64 syscall=open success=yes exit=ECHILD a0=9086310 a1=80441 a2=1b6 a3=d items=2 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163286.418:1685): cwd=/usr/share/foreman
type=PATH msg=audit(1594163286.418:1685): item=0 name=/usr/share/foreman/log/ inode=67975302 dev=fd:00 mode=040750 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_log_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1594163286.418:1685): item=1 name=/usr/share/foreman/log/production.log inode=67975309 dev=fd:00 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_log_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from ioctl access on the file /var/log/foreman/production.log.
type=AVC msg=audit(1594163286.418:1686): avc: denied { ioctl } for pid=1601 comm=“ruby” path="/var/log/foreman/production.log" dev=“dm-0” ino=67975309 ioctlcmd=5401 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_log_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163286.418:1686): arch=x86_64 syscall=ioctl success=no exit=ENOTTY a0=a a1=5401 a2=7ffe6c3b8dd0 a3=d items=0 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from write access on the file /usr/share/foreman/log/production.log.
type=AVC msg=audit(1594163286.418:1684): avc: denied { write } for pid=1601 comm=“ruby” name=“production.log” dev=“dm-0” ino=67975309 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_log_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163286.418:1684): arch=x86_64 syscall=access success=yes exit=0 a0=9086310 a1=2 a2=7ffe6c3b8f90 a3=1 items=1 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163286.418:1684): cwd=/usr/share/foreman
type=PATH msg=audit(1594163286.418:1684): item=0 name=/usr/share/foreman/log/production.log inode=67975309 dev=fd:00 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_log_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from setattr access on the file /usr/share/foreman/tmp/cache/.settings%2Flab_features20200708-2012-895zud.
type=AVC msg=audit(1594163377.468:2348): avc: denied { setattr } for pid=2012 comm=“diagnostic_con*” name=".settings%2Flab_features20200708-2012-895zud" dev=“tmpfs” ino=25581 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163377.468:2348): arch=x86_64 syscall=chown success=yes exit=0 a0=7fc46de2be90 a1=3e4 a2=3e0 a3=ffffffff items=1 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163377.468:2348): cwd=/usr/share/foreman
type=PATH msg=audit(1594163377.468:2348): item=0 name=/usr/share/foreman/tmp/cache/.settings%2Flab_features20200708-2012-895zud inode=25581 dev=00:14 mode=0100600 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from write access on the directory /usr/share/foreman/tmp/cache/F3B.
type=AVC msg=audit(1594163361.632:2217): avc: denied { write } for pid=2012 comm=“diagnostic_con*” name=“cache” dev=“tmpfs” ino=23028 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1594163361.632:2217): avc: denied { add_name } for pid=2012 comm=“diagnostic_con*” name=“F3B” scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1594163361.632:2217): avc: denied { create } for pid=2012 comm=“diagnostic_con*” name=“F3B” scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1594163361.632:2217): arch=x86_64 syscall=mkdir success=yes exit=0 a0=7fc46c20ad30 a1=1ff a2=1d47020 a3=7fc48470f740 items=2 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163361.632:2217): cwd=/usr/share/foreman
type=PATH msg=audit(1594163361.632:2217): item=0 name=/usr/share/foreman/tmp/cache/ inode=23028 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1594163361.632:2217): item=1 name=/usr/share/foreman/tmp/cache/F3B inode=27740 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from remove_name access on the directory /usr/share/foreman/tmp/cache/F3B/E00/.permissions_check.80358720.2012.564546.
type=AVC msg=audit(1594163361.632:2220): avc: denied { remove_name } for pid=2012 comm=“diagnostic_con*” name=".permissions_check.80358720.2012.564546" dev=“tmpfs” ino=27743 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1594163361.632:2220): avc: denied { unlink } for pid=2012 comm=“diagnostic_con*” name=".permissions_check.80358720.2012.564546" dev=“tmpfs” ino=27743 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163361.632:2220): arch=x86_64 syscall=unlink success=yes exit=0 a0=7fc46c210080 a1=0 a2=1 a3=ffffffff items=2 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163361.632:2220): cwd=/usr/share/foreman
type=PATH msg=audit(1594163361.632:2220): item=0 name=/usr/share/foreman/tmp/cache/F3B/E00/ inode=27741 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1594163361.632:2220): item=1 name=/usr/share/foreman/tmp/cache/F3B/E00/.permissions_check.80358720.2012.564546 inode=27743 dev=00:14 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from ioctl access on the file /run/foreman/cache/56D/710/notification-8.
type=AVC msg=audit(1594163885.901:10528): avc: denied { ioctl } for pid=2407 comm=“diagnostic_con*” path="/run/foreman/cache/56D/710/notification-8" dev=“tmpfs” ino=27628 ioctlcmd=5401 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163885.901:10528): arch=x86_64 syscall=ioctl success=no exit=ENOTTY a0=d a1=5401 a2=7fc48470fc40 a3=d items=0 ppid=1601 pid=2407 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from getattr access on the file /run/foreman/cache/56D/710/notification-8.
type=AVC msg=audit(1594163885.900:10526): avc: denied { getattr } for pid=2407 comm=“diagnostic_con*” path="/run/foreman/cache/56D/710/notification-8" dev=“tmpfs” ino=27628 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163885.900:10526): arch=x86_64 syscall=stat success=yes exit=0 a0=7fc45165f080 a1=7fc48470ff00 a2=7fc48470ff00 a3=1 items=1 ppid=1601 pid=2407 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163885.900:10526): cwd=/usr/share/foreman
type=PATH msg=audit(1594163885.900:10526): item=0 name=/usr/share/foreman/tmp/cache/56D/710/notification-8 inode=27628 dev=00:14 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from search access on the directory /usr/share/foreman/public/notification_recipients.
type=AVC msg=audit(1594164025.886:11957): avc: denied { search } for pid=2407 comm=“diagnostic_con*” name=“foreman” dev=“dm-0” ino=100845549 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1594164025.886:11957): arch=x86_64 syscall=stat success=no exit=ENOENT a0=7fc46e07a5c0 a1=7fc484710bc0 a2=7fc484710bc0 a3=1 items=1 ppid=1601 pid=2407 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594164025.886:11957): cwd=/usr/share/foreman
type=PATH msg=audit(1594164025.886:11957): item=0 name=/usr/share/foreman/public/notification_recipients objtype=UNKNOWN cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from getattr access on the directory /var/lib/tftpboot/grub2.
type=AVC msg=audit(1594163288.371:1741): avc: denied { getattr } for pid=1601 comm=“ruby” path="/var/lib/tftpboot/grub2" dev=“dm-0” ino=101421830 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:tftpdir_rw_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1594163288.371:1741): arch=x86_64 syscall=stat success=yes exit=0 a0=8195120 a1=7ffe6c3b3cb0 a2=7ffe6c3b3cb0 a3=1 items=1 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163288.371:1741): cwd=/usr/share/foreman
type=PATH msg=audit(1594163288.371:1741): item=0 name=/var/lib/tftpboot/grub2 inode=101421830 dev=fd:00 mode=040755 ouid=995 ogid=0 rdev=00:00 obj=system_u:object_r:tftpdir_rw_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from read access on the lnk_file db/migrate.
type=AVC msg=audit(1594163378.812:2380): avc: denied { read } for pid=2035 comm=“diagnostic_con*” name=“migrate” dev=“dm-0” ino=499536 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=lnk_file permissive=1
type=SYSCALL msg=audit(1594163378.812:2380): arch=x86_64 syscall=openat success=yes exit=EMFILE a0=ffffffffffffff9c a1=7fc46c0b7f10 a2=90000 a3=0 items=1 ppid=1601 pid=2035 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163378.812:2380): cwd=/usr/share/foreman
type=PATH msg=audit(1594163378.812:2380): item=0 name=db/migrate inode=33934759 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:usr_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from append access on the file /run/foreman/cache/8FC/FB0/.permissions_check.80358720.2012.716712.
type=AVC msg=audit(1594163377.468:2346): avc: denied { append } for pid=2012 comm=“diagnostic_con*” path="/run/foreman/cache/8FC/FB0/.permissions_check.80358720.2012.716712" dev=“tmpfs” ino=25582 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163377.468:2346): arch=x86_64 syscall=open success=yes exit=ENFILE a0=7fc46de2c3f0 a1=80441 a2=1b6 a3=d items=2 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163377.468:2346): cwd=/usr/share/foreman
type=PATH msg=audit(1594163377.468:2346): item=0 name=/usr/share/foreman/tmp/cache/8FC/FB0/ inode=25580 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1594163377.468:2346): item=1 name=/usr/share/foreman/tmp/cache/8FC/FB0/.permissions_check.80358720.2012.716712 inode=25582 dev=00:14 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from create access on the directory /usr/share/foreman/tmp/cache/26D.
type=AVC msg=audit(1594163290.968:1801): avc: denied { create } for pid=1601 comm=“ruby” name=“26D” scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1594163290.968:1801): arch=x86_64 syscall=mkdir success=yes exit=0 a0=9195770 a1=1ff a2=1d47020 a3=7ffe6c3b7900 items=2 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163290.968:1801): cwd=/usr/share/foreman
type=PATH msg=audit(1594163290.968:1801): item=0 name=/usr/share/foreman/tmp/cache/ inode=23028 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1594163290.968:1801): item=1 name=/usr/share/foreman/tmp/cache/26D inode=24215 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from getattr access on the lnk_file /var/lib/foreman/db/seeds.d.
type=AVC msg=audit(1594163300.590:1866): avc: denied { getattr } for pid=1601 comm=“ruby” path="/var/lib/foreman/db/seeds.d" dev=“dm-0” ino=55747 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=lnk_file permissive=1
type=SYSCALL msg=audit(1594163300.590:1866): arch=x86_64 syscall=lstat success=yes exit=0 a0=d2fb4d0 a1=7ffe6c3b6120 a2=7ffe6c3b6120 a3=d2fb4e8 items=1 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163300.590:1866): cwd=/usr/share/foreman
type=PATH msg=audit(1594163300.590:1866): item=0 name=/var/lib/foreman/db/seeds.d inode=55747 dev=fd:00 mode=0120777 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_lib_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from getattr access on the directory /var/lib/foreman.
type=AVC msg=audit(1594163300.590:1865): avc: denied { getattr } for pid=1601 comm=“ruby” path="/var/lib/foreman" dev=“dm-0” ino=100845549 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1594163300.590:1865): arch=x86_64 syscall=lstat success=yes exit=0 a0=d78c8f8 a1=7ffe6c3b5fb0 a2=7ffe6c3b5fb0 a3=d78c908 items=1 ppid=1366 pid=1601 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=ruby exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163300.590:1865): cwd=/usr/share/foreman
type=PATH msg=audit(1594163300.590:1865): item=0 name=/var/lib/foreman inode=100845549 dev=fd:00 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_lib_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from read access on the directory /usr/share/foreman/public/apipie-cache/apidoc.
type=AVC msg=audit(1594163385.68:2405): avc: denied { read } for pid=2012 comm=“diagnostic_con*” name=“apidoc” dev=“dm-0” ino=100845550 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1594163385.68:2405): avc: denied { open } for pid=2012 comm=“diagnostic_con*” path="/var/lib/foreman/public/apipie-cache/apidoc" dev=“dm-0” ino=100845550 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1594163385.68:2405): arch=x86_64 syscall=openat success=yes exit=EMFILE a0=ffffffffffffff9c a1=7fc46db39b20 a2=90000 a3=0 items=1 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163385.68:2405): cwd=/usr/share/foreman
type=PATH msg=audit(1594163385.68:2405): item=0 name=/usr/share/foreman/public/apipie-cache/apidoc inode=100845550 dev=fd:00 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_lib_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from ioctl access on the file /var/lib/foreman/public/apipie-cache/apidoc/v2.ca.json.
type=AVC msg=audit(1594163385.80:2407): avc: denied { ioctl } for pid=2012 comm=“diagnostic_con*” path="/var/lib/foreman/public/apipie-cache/apidoc/v2.ca.json" dev=“dm-0” ino=101399690 ioctlcmd=5401 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163385.80:2407): arch=x86_64 syscall=ioctl success=no exit=ENOTTY a0=18 a1=5401 a2=7fc484710d10 a3=d items=0 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from read access on the file /usr/share/foreman/public/apipie-cache/apidoc/v2.ca.json.
type=AVC msg=audit(1594163385.80:2406): avc: denied { read } for pid=2012 comm=“diagnostic_con*” name=“v2.ca.json” dev=“dm-0” ino=101399690 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1594163385.80:2406): avc: denied { open } for pid=2012 comm=“diagnostic_con*” path="/var/lib/foreman/public/apipie-cache/apidoc/v2.ca.json" dev=“dm-0” ino=101399690 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163385.80:2406): arch=x86_64 syscall=open success=yes exit=EMFILE a0=7fc46db37680 a1=80000 a2=1b6 a3=d items=1 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163385.80:2406): cwd=/usr/share/foreman
type=PATH msg=audit(1594163385.80:2406): item=0 name=/usr/share/foreman/public/apipie-cache/apidoc/v2.ca.json inode=101399690 dev=fd:00 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_lib_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from read access on the file /usr/share/foreman/tmp/cache/56D/710/notification-8.
type=AVC msg=audit(1594163885.901:10527): avc: denied { read } for pid=2407 comm=“diagnostic_con*” name=“notification-8” dev=“tmpfs” ino=27628 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file permissive=1
type=AVC msg=audit(1594163885.901:10527): avc: denied { open } for pid=2407 comm=“diagnostic_con*” path="/run/foreman/cache/56D/710/notification-8" dev=“tmpfs” ino=27628 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163885.901:10527): arch=x86_64 syscall=open success=yes exit=EACCES a0=7fc45165f080 a1=80000 a2=1b6 a3=d items=1 ppid=1601 pid=2407 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163885.901:10527): cwd=/usr/share/foreman
type=PATH msg=audit(1594163885.901:10527): item=0 name=/usr/share/foreman/tmp/cache/56D/710/notification-8 inode=27628 dev=00:14 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from create access on the file /usr/share/foreman/tmp/cache/.settings%2Flab_features20200708-2012-895zud.
type=AVC msg=audit(1594163377.468:2345): avc: denied { create } for pid=2012 comm=“diagnostic_con*” name=".settings%2Flab_features20200708-2012-895zud" scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file permissive=1
type=AVC msg=audit(1594163377.468:2345): avc: denied { write } for pid=2012 comm=“diagnostic_con*” path="/run/foreman/cache/.settings%2Flab_features20200708-2012-895zud" dev=“tmpfs” ino=25581 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163377.468:2345): arch=x86_64 syscall=open success=yes exit=ENFILE a0=7fc46de2be90 a1=800c2 a2=180 a3=d items=2 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163377.468:2345): cwd=/usr/share/foreman
type=PATH msg=audit(1594163377.468:2345): item=0 name=/usr/share/foreman/tmp/cache/ inode=23028 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1594163377.468:2345): item=1 name=/usr/share/foreman/tmp/cache/.settings%2Flab_features20200708-2012-895zud inode=25581 dev=00:14 mode=0100600 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from rename access on the file /usr/share/foreman/tmp/cache/.settings%2Flab_features20200708-2012-895zud.
type=AVC msg=audit(1594163377.468:2349): avc: denied { rename } for pid=2012 comm=“diagnostic_con*” name=".settings%2Flab_features20200708-2012-895zud" dev=“tmpfs” ino=25581 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163377.468:2349): arch=x86_64 syscall=rename success=yes exit=0 a0=7fc46de2be90 a1=7fc46de259c0 a2=1d47020 a3=2 items=4 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163377.468:2349): cwd=/usr/share/foreman
type=PATH msg=audit(1594163377.468:2349): item=0 name=/usr/share/foreman/tmp/cache/ inode=23028 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1594163377.468:2349): item=1 name=/usr/share/foreman/tmp/cache/8FC/FB0/ inode=25580 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1594163377.468:2349): item=2 name=/usr/share/foreman/tmp/cache/.settings%2Flab_features20200708-2012-895zud inode=25581 dev=00:14 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1594163377.468:2349): item=3 name=/usr/share/foreman/tmp/cache/8FC/FB0/settings%2Flab_features inode=25581 dev=00:14 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from unlink access on the file /usr/share/foreman/tmp/cache/8FC/FB0/.permissions_check.80358720.2012.716712.
type=AVC msg=audit(1594163377.468:2347): avc: denied { unlink } for pid=2012 comm=“diagnostic_con*” name=".permissions_check.80358720.2012.716712" dev=“tmpfs” ino=25582 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163377.468:2347): arch=x86_64 syscall=unlink success=yes exit=0 a0=7fc46de2c3f0 a1=0 a2=1 a3=ffffffff items=2 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163377.468:2347): cwd=/usr/share/foreman
type=PATH msg=audit(1594163377.468:2347): item=0 name=/usr/share/foreman/tmp/cache/8FC/FB0/ inode=25580 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1594163377.468:2347): item=1 name=/usr/share/foreman/tmp/cache/8FC/FB0/.permissions_check.80358720.2012.716712 inode=25582 dev=00:14 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /usr/sbin/httpd from getattr access on the file /var/lib/foreman/public/webpack/foreman-vendor.bundle-v4.3.0-production-7c19ff9bfddfa7208370.css.
type=AVC msg=audit(1594163377.496:2350): avc: denied { getattr } for pid=1389 comm=“httpd” path="/var/lib/foreman/public/webpack/foreman-vendor.bundle-v4.3.0-production-7c19ff9bfddfa7208370.css" dev=“dm-0” ino=101236852 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163377.496:2350): arch=x86_64 syscall=stat success=yes exit=0 a0=5564c5985b90 a1=7ffd660410a0 a2=7ffd660410a0 a3=0 items=1 ppid=1173 pid=1389 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
type=CWD msg=audit(1594163377.496:2350): cwd=/
type=PATH msg=audit(1594163377.496:2350): item=0 name=/usr/share/foreman/public/webpack/foreman-vendor.bundle-v4.3.0-production-7c19ff9bfddfa7208370.css inode=101236852 dev=fd:00 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_lib_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /usr/sbin/httpd from read access on the file /usr/share/foreman/public/webpack/foreman-vendor.bundle-v4.3.0-production-7c19ff9bfddfa7208370.css.gz.
type=AVC msg=audit(1594163377.496:2351): avc: denied { read } for pid=1389 comm=“httpd” name=“foreman-vendor.bundle-v4.3.0-production-7c19ff9bfddfa7208370.css.gz” dev=“dm-0” ino=101236853 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1594163377.496:2351): avc: denied { open } for pid=1389 comm=“httpd” path="/var/lib/foreman/public/webpack/foreman-vendor.bundle-v4.3.0-production-7c19ff9bfddfa7208370.css.gz" dev=“dm-0” ino=101236853 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163377.496:2351): arch=x86_64 syscall=open success=yes exit=EFAULT a0=5564c599d8b8 a1=80000 a2=0 a3=4 items=1 ppid=1173 pid=1389 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
type=CWD msg=audit(1594163377.496:2351): cwd=/
type=PATH msg=audit(1594163377.496:2351): item=0 name=/usr/share/foreman/public/webpack/foreman-vendor.bundle-v4.3.0-production-7c19ff9bfddfa7208370.css.gz inode=101236853 dev=fd:00 mode=0100644 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_lib_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from name_connect access on the tcp_socket port 636.
type=AVC msg=audit(1594163374.641:2315): avc: denied { name_connect } for pid=2012 comm=“diagnostic_con*” dest=636 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1594163374.641:2315): arch=x86_64 syscall=connect success=no exit=EINPROGRESS a0=17 a1=d413d48 a2=10 a3=7fc48470ef60 items=0 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from rmdir access on the directory /usr/share/foreman/tmp/cache/C3F/670.
type=AVC msg=audit(1594163378.618:2376): avc: denied { rmdir } for pid=2012 comm=“diagnostic_con*” name=“670” dev=“tmpfs” ino=25584 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1594163378.618:2376): arch=x86_64 syscall=rmdir success=yes exit=0 a0=7fc46dea7e70 a1=0 a2=1d47020 a3=7fc48470d320 items=2 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163378.618:2376): cwd=/usr/share/foreman
type=PATH msg=audit(1594163378.618:2376): item=0 name=/usr/share/foreman/tmp/cache/C3F/ inode=25583 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1594163378.618:2376): item=1 name=/usr/share/foreman/tmp/cache/C3F/670 inode=25584 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from read access on the directory /usr/share/foreman/tmp/cache/C3F/670.
type=AVC msg=audit(1594163378.618:2375): avc: denied { read } for pid=2012 comm=“diagnostic_con*” name=“670” dev=“tmpfs” ino=25584 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1594163378.618:2375): arch=x86_64 syscall=openat success=yes exit=ENFILE a0=ffffffffffffff9c a1=7fc46dea7e70 a2=90800 a3=0 items=1 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)
type=CWD msg=audit(1594163378.618:2375): cwd=/usr/share/foreman
type=PATH msg=audit(1594163378.618:2375): item=0 name=/usr/share/foreman/tmp/cache/C3F/670 inode=25584 dev=00:14 mode=040755 ouid=996 ogid=992 rdev=00:00 obj=system_u:object_r:foreman_var_run_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
SELinux is preventing /opt/rh/rh-ruby25/root/usr/bin/ruby from getattr access on the file /var/lib/foreman/public/apipie-cache/apidoc/v2.ca.json.
type=AVC msg=audit(1594163385.80:2408): avc: denied { getattr } for pid=2012 comm=“diagnostic_con*” path="/var/lib/foreman/public/apipie-cache/apidoc/v2.ca.json" dev=“dm-0” ino=101399690 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1594163385.80:2408): arch=x86_64 syscall=fstat success=yes exit=0 a0=18 a1=7fc484710c10 a2=7fc484710c10 a3=7fc484710c60 items=0 ppid=1601 pid=2012 auid=4294967295 uid=996 gid=992 euid=996 suid=996 fsuid=996 egid=992 sgid=992 fsgid=992 tty=(none) ses=4294967295 comm=diagnostic_con* exe=/opt/rh/rh-ruby25/root/usr/bin/ruby subj=system_u:system_r:passenger_t:s0 key=(null)