SELinux blocks automation hub webpage from displaying

Solution Verified - Updated -

Issue

  • SELinux blocks automation hub webpage from displaying
  • When SELinux is disabled, the Ansible hub webpage loads fine. When SELinux is enabled, it returns a Bad Gateway error. Here is an excerpt from the audit logs showing that SELinux denied nginx from loading the webpage:

    node=phub1 type=AVC msg=audit(1668620867.970:246): avc:  denied  { write } for  pid=993 comm="nginx" name="pulpcore-api.sock" dev="tmpfs" ino=25335 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
    node=phub1 type=SYSCALL msg=audit(1668620867.970:246): arch=c000003e syscall=42 success=no exit=-13 a0=f a1=56434559f8f8 a2=6e a3=7ffd99563f1c items=1 ppid=992 pid=993 auid=4294967295 uid=987 gid=983 euid=987 suid=987 fsuid=987 egid=983 sgid=983 fsgid=983 tty=(none) ses=4294967295 comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:httpd_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="nginx" GID="nginx" EUID="nginx" SUID="nginx" FSUID="nginx" EGID="nginx" SGID="nginx" FSGID="nginx"
    node=phub1 type=SOCKADDR msg=audit(1668620867.970:246): saddr=01002F7661722F72756E2F70756C70636F72652D6170692F70756C70636F72652D6170692E736F636B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000SADDR={ saddr_fam=local path=/var/run/pulpcore-api/pulpcore-api.sock }
    node=phub1 type=CWD msg=audit(1668620867.970:246): cwd="/"
    node=phub1 type=PATH msg=audit(1668620867.970:246): item=0 name="/var/run/pulpcore-api/pulpcore-api.sock" inode=25335 dev=00:17 mode=0140777 ouid=988 ogid=984 rdev=00:00 obj=system_u:object_r:var_run_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="pulp" OGID="pulp"
    node=phub1 type=PROCTITLE msg=audit(1668620867.970:246): proctitle=6E67696E783A20776F726B65722070726F63657373
    node=phub1 type=AVC msg=audit(1668620867.985:247): avc:  denied  { write } for  pid=993 comm="nginx" name="pulpcore-api.sock" dev="tmpfs" ino=25335 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
    node=phub1 type=SYSCALL msg=audit(1668620867.985:247): arch=c000003e syscall=42 success=no exit=-13 a0=f a1=56434559f8f8 a2=6e a3=7ffd99563f5c items=1 ppid=992 pid=993 auid=4294967295 uid=987 gid=983 euid=987 suid=987 fsuid=987 egid=983 sgid=983 fsgid=983 tty=(none) ses=4294967295 comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:httpd_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="nginx" GID="nginx" EUID="nginx" SUID="nginx" FSUID="nginx" EGID="nginx" SGID="nginx" FSGID="nginx"
    node=phub1 type=SOCKADDR msg=audit(1668620867.985:247): saddr=01002F7661722F72756E2F70756C70636F72652D6170692F70756C70636F72652D6170692E736F636B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000SADDR={ saddr_fam=local path=/var/run/pulpcore-api/pulpcore-api.sock }
    node=phub1 type=CWD msg=audit(1668620867.985:247): cwd="/"
    node=phub1 type=PATH msg=audit(1668620867.985:247): item=0 name="/var/run/pulpcore-api/pulpcore-api.sock" inode=25335 dev=00:17 mode=0140777 ouid=988 ogid=984 rdev=00:00 obj=system_u:object_r:var_run_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="pulp" OGID="pulp"
    node=phub1 type=PROCTITLE msg=audit(1668620867.985:247): proctitle=6E67696E783A20776F726B65722070726F63657373
    node=phub1 type=SERVICE_START msg=audit(1668620868.958:248): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=setroubleshootd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
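
One way to read the excerpt above, as an added example that is not part of the original article or of any Red Hat tool: the Python below groups audit records by event serial, pulls the denial fields out of the AVC record, and decodes the hex `saddr` and `proctitle` values. The function names are hypothetical, and the sample is a constructed, shortened copy of event 246.

```python
import re
from collections import defaultdict

# Constructed sample: four records of event 246 from the excerpt above,
# shortened to the fields this example reads (saddr zero padding trimmed).
SAMPLE = """\
node=phub1 type=AVC msg=audit(1668620867.970:246): avc:  denied  { write } for  pid=993 comm="nginx" name="pulpcore-api.sock" dev="tmpfs" ino=25335 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
node=phub1 type=SYSCALL msg=audit(1668620867.970:246): arch=c000003e syscall=42 success=no exit=-13 comm="nginx" exe="/usr/sbin/nginx" SYSCALL=connect
node=phub1 type=SOCKADDR msg=audit(1668620867.970:246): saddr=01002F7661722F72756E2F70756C70636F72652D6170692F70756C70636F72652D6170692E736F636B0000
node=phub1 type=PROCTITLE msg=audit(1668620867.970:246): proctitle=6E67696E783A20776F726B65722070726F63657373
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\): (.*)")
AVC = re.compile(
    r'denied\s+\{ ([^}]*)\} for .*?comm="([^"]+)".*?'
    r'scontext=(\S+) tcontext=(\S+) tclass=(\S+) permissive=(\d)')

def selinux_type(context):
    # An SELinux context is user:role:type:level; policy decisions key on the type.
    return context.split(":")[2]

def summarize_denials(text):
    """Return one dict per audit event that contains an AVC denial."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            rtype, serial, body = m.groups()
            events[serial][rtype] = body  # records sharing a serial are one event
    out = []
    for serial, recs in events.items():
        m = AVC.search(recs.get("AVC", ""))
        if not m:
            continue
        perms, comm, scon, tcon, tclass, permissive = m.groups()
        d = {"event": serial, "comm": comm, "perms": perms.split(),
             "source_type": selinux_type(scon), "target_type": selinux_type(tcon),
             "tclass": tclass, "enforced": permissive == "0"}
        sc = re.search(r"SYSCALL=(\w+)", recs.get("SYSCALL", ""))
        d["syscall"] = sc.group(1) if sc else None
        sa = re.search(r"saddr=([0-9A-Fa-f]+)", recs.get("SOCKADDR", ""))
        if sa and sa.group(1).startswith("0100"):  # family 1 = AF_UNIX (little-endian)
            d["socket_path"] = bytes.fromhex(sa.group(1)[4:]).split(b"\0")[0].decode()
        pt = re.search(r"proctitle=([0-9A-Fa-f]+)", recs.get("PROCTITLE", ""))
        if pt:  # argv is hex-encoded with NUL separators
            d["proctitle"] = bytes.fromhex(pt.group(1)).replace(b"\0", b" ").decode()
        out.append(d)
    return out
```

For the sample event this reports that the `nginx` worker, running as `httpd_t`, was refused `write` on a `sock_file` labelled `var_run_t` during `connect` to `/var/run/pulpcore-api/pulpcore-api.sock`, with `permissive=0` meaning the denial was enforced.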
    

Environment

  • Red Hat Automation Hub
