Jira (PUP-2413) Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations
Title: Message Title Josh Cooper commented on PUP-2413 Re: Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations This ticket has not been updated in some time and is now being closed due to inactivity. This isn’t necessarily a statement that this ticket isn’t important - other issues may have demanded precedence since it was filed, or it may have simply slipped through the cracks. If any viewer/watcher feels closing this ticket is an error, please re-open it and add a comment explaining. Our apologies in advance for any mistake on this. Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.33904.1398957162000.125724.1611729180022%40Atlassian.JIRA.
Jira (PUP-2413) Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations
Title: Message Title Josh Cooper updated an issue Puppet / PUP-2413 Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations Change By: Josh Cooper Team: Coremunity Platform OS Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-2413) Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations
Title: Message Title Jacob Helwig updated an issue Puppet / PUP-2413 Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations Change By: Jacob Helwig Sub-team: Coremunity Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-2413) Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations
Title: Message Title Moses Mendoza updated an issue Puppet / PUP-2413 Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations Change By: Moses Mendoza Labels: selinux triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-2413) Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations
Title: Message Title John Duarte updated an issue Puppet / PUP-2413 Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations Change By: John Duarte Labels: selinux Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-2413) Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations
Title: Message Title Maggie Dreyer updated an issue Puppet / PUP-2413 Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations Change By: Maggie Dreyer Labels: selinux triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-2413) Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations
Title: Message Title Logan Attwood created an issue Puppet / PUP-2413 Attempting to log the output of service initialization on CentOS 6.5 causes SELinux violations Issue Type: Bug Assignee: Unassigned Created: 01/May/14 8:12 AM Environment: CentOS 6.5 Puppet 3.5.0 Priority: Normal Reporter: Logan Attwood It looks like puppet is creating a file in /tmp to connect to the stdout of service httpd start to. Out of the box CentOS 6 (and I can only assume RHEL 6) does not permit Apache to write to /tmp, causing an SELinux violation similar to the following: kernel: type=1400 audit(1398909812.247:10): avc: denied { read write } for pid=20375 comm=httpd path=/tmp/puppet20140501-19869-xtobvy-0 dev=xvde ino=18584 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file I suspect this had to do with bringing the service resource providers up to feature parity with the exec resource providers. The workaround would be to accept not getting Apache's startup output when using Puppet, or create an selinux module to permit apache writing to /tmp.