[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 Fedora Update Systemchanged: What|Removed |Added Status|ON_QA |CLOSED Fixed In Version||selinux-policy-3.13.1-260.1 ||8.fc26 Resolution|--- |ERRATA Last Closed||2018-01-02 11:21:57 --- Comment #12 from Fedora Update System --- selinux-policy-3.13.1-260.18.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 Fedora Update Systemchanged: What|Removed |Added Status|MODIFIED|ON_QA --- Comment #11 from Fedora Update System --- selinux-policy-3.13.1-260.18.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5ac57e518 -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 --- Comment #10 from Fedora Update System--- selinux-policy-3.13.1-260.18.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5ac57e518 -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 Emmanuel Seymanchanged: What|Removed |Added CC||dwa...@redhat.com, ||lvra...@redhat.com, ||mgr...@redhat.com, ||plaut...@redhat.com, ||pmo...@redhat.com Component|bugzilla|selinux-policy Assignee|emman...@seyman.fr |lvra...@redhat.com --- Comment #9 from Emmanuel Seyman --- According to advice on #fedora-devel, this is a selinux-policy. Re-assigning. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 Hughchanged: What|Removed |Added Version|25 |26 -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 --- Comment #8 from Fedora End Of Life--- This message is a reminder that Fedora 25 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 25. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '25'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 25 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 --- Comment #7 from Hugh--- It's definitely selinux causing the problem. If I switch to non-enforcing, it works. It turned out I had silent denials and had to turn off the dontaudit policy in semodule. I ended up with this policy, which works. There are still some silent denials for httpd triggered by the editparams.cgi script in bugzilla, but they don't appear to be an issue for this problem. I only tested it with smtpserver change, I ended up with this policy (hth): module local-bugzilla 1.0; require { type bugzilla_script_t ; class netlink_route_socket { bind create getattr nlmsg_read write read }; class udp_socket { connect create getattr write read }; } #= bugzilla_script_t == allow bugzilla_script_t self:netlink_route_socket { bind create getattr nlmsg_read write read }; allow bugzilla_script_t self:udp_socket { connect create getattr write read }; I hope you can pass this onto the bugzilla selinux package maintainers for fc 25 and 26. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 --- Comment #6 from Hugh--- I upgraded and installed some more modules to make it look more similar to the windows installation. No difference. What I do notice is that mod_perl and Net-SMTP-SSL are not installed on the windows installation, but they are on Fedora. In fact, bugzilla is dependent on this module in Fedora but not in windows. These are the only entries in the journalctl: -- Unit httpd.service has begun starting up. Oct 08 06:09:27 fc25.localdomain systemd[1]: Started The Apache HTTP Server. -- Subject: Unit httpd.service has finished start-up -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit httpd.service has finished starting up. -- -- The start-up result is done. Oct 08 06:09:27 fc25.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Oct 08 06:16:13 fc25.localdomain audit[29901]: USER_AUTH pid=29901 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_rootok acct="apache" exe="/usr/bin/su" hostname=fc25.localdomain addr=? terminal=pts/0 res=success' Oct 08 06:16:13 fc25.localdomain audit[29901]: USER_ACCT pid=29901 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_succeed_if acct="apache" exe="/usr/bin/su" hostname=fc25.localdomain addr=? terminal=pts/0 res=success' Oct 08 06:16:13 fc25.localdomain audit[29901]: CRED_ACQ pid=29901 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_rootok acct="apache" exe="/usr/bin/su" hostname=fc25.localdomain addr=? terminal=pts/0 res=success' Oct 08 06:16:13 fc25.localdomain audit[29901]: USER_START pid=29901 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="apache" exe="/usr/bin/su" hostname=fc25.localdomain addr=? terminal=pts/0 res=success' Oct 08 06:16:13 fc25.localdomain su[29901]: (to apache) admin on pts/0 Oct 08 06:16:13 fc25.localdomain su[29901]: pam_systemd(su-l:session): Cannot create session: Already running in a session Oct 08 06:16:13 fc25.localdomain su[29901]: pam_unix(su-l:session): session opened for user apache by admin(uid=0) Oct 08 06:17:18 fc25.localdomain su[29901]: pam_unix(su-l:session): session closed for user apache Oct 08 06:17:18 fc25.localdomain audit[29901]: USER_END pid=29901 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="apache" exe="/usr/bin/su" hostname=fc25.localdomain addr=? terminal=pts/0 res=success' Oct 08 06:17:18 fc25.localdomain audit[29901]: CRED_DISP pid=29901 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_rootok acct="apache" exe="/usr/bin/su" hostname=fc25.localdomain addr=? terminal=pts/0 res=success' There is nothing selinux related there. This is the apache ssl_error_log: [Sun Oct 08 06:09:27.334135 2017] [ssl:warn] [pid 29841] AH01909: fc25.localdomain:443:0 server certificate does NOT include an ID which matches the server name apache ssl_access_log 192.168.0.117 - - [08/Oct/2017:06:19:36 +1000] "POST /bugzilla/editparams.cgi HTTP/1.1" 200 6490 The following is the output from checksetup.pl --check-modules on each. *** Windows: C:\Progs\bugzilla>checksetup.pl --check-modules * This is Bugzilla 5.0.3 on perl 5.20.2 * Running on WinVista Build 6002 (Service Pack 2) Checking perl modules... Checking for CGI.pm (v3.51) ok: found v3.64 Checking for Digest-SHA (any) ok: found v5.95 Checking for TimeDate (v2.23) ok: found v2.24 Checking for DateTime (v0.75) ok: found v1.21 Checking forDateTime-TimeZone (v1.64) ok: found v1.95 Checking for DBI (v1.614)ok: found v1.633 Checking for Template-Toolkit (v2.24) ok: found v2.26 Checking for Email-Sender (v1.300011) ok: found v1.300021 Checking for Email-MIME (v1.904)ok: found v1.937 Checking for URI (v1.55) ok: found v1.67 Checking for List-MoreUtils (v0.32) ok: found v0.412 Checking forMath-Random-ISAAC (v1.0.1)ok: found v1.004 Checking for File-Slurp (v.13) ok: found v.19 Checking for JSON-XS (v2.01) ok: found v3.01 Checking forWin32 (v0.35) ok: found v0.51 Checking forWin32-API (v0.55) ok: found v0.82 Checking for DateTime-TimeZone-Local-Win32 (v1.64) ok: found v1.87 Checking for
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 --- Comment #5 from Emmanuel Seyman--- Having tried pretty much every other option, I came back to the selinux thing. I have a selinux file that reads: module my-editparamscgi 1.0; require { type bugzilla_script_t; class netlink_route_socket create; class udp_socket create; } #= bugzilla_script_t == allow bugzilla_script_t self:netlink_route_socket create; # This avc is allowed in the current policy allow bugzilla_script_t self:udp_socket create; With this, I can change the smtpserver anyway I want (provided smtp_username and smtp_password have valid contents) but that doesn't seem very different from what you tried. I'll run more tests. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 --- Comment #4 from Hugh--- I added these rules, but I still get the same error. No more selinux complaints and nothing in the httpd logs either. module local-bugzilla 1.0; require { type bugzilla_script_t; class netlink_route_socket { bind create getattr }; class udp_socket { connect create }; } #= bugzilla_script_t == allow bugzilla_script_t self:netlink_route_socket { bind create getattr }; allow bugzilla_script_t self:udp_socket { connect create }; -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 --- Comment #3 from Emmanuel Seyman--- This is an selinux issue: type=AVC msg=audit(1491427462.96:1206): avc: denied { create } for pid=21885 comm="editparams.cgi" scontext=system_u:system_r:bugzilla_script_t:s0 tcontext=system_u:system_r:bugzilla_script_t:s0 tclass=netlink_route_socket permissive=0 I'm not sure how to handle this. I'll investigate... -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 Emmanuel Seymanchanged: What|Removed |Added Status|NEW |ASSIGNED Assignee|ita...@ispbrasil.com.br |emman...@seyman.fr -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 --- Comment #2 from Hugh--- I'd like to mention that this bug prevents me from configuring the server correctly. I'd like to amend the priority to high as this blocks my continued migration process. I suspect it doesn't only affect me, but anyone making a fresh install of bugzilla on fc25. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to
https://bugzilla.redhat.com/show_bug.cgi?id=1427019 Kevin Fenzichanged: What|Removed |Added CC||bazanlui...@gmail.com, ||emman...@seyman.fr, ||ita...@ispbrasil.com.br, ||perl-devel@lists.fedoraproj ||ect.org Component|distribution|bugzilla Assignee|vpav...@redhat.com |ita...@ispbrasil.com.br --- Comment #1 from Kevin Fenzi --- moving this to bugzilla package... -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org