Bug #9407: memcached plugin not working with selinux enabled - SELinux - Foreman

Actions

Copy link

Bug #9407

closed

memcached plugin not working with selinux enabled

Added by Gerwin Krist about 9 years ago. Updated almost 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Sean O'Keeffe

Category:

Plugins

Target version:

1.18.0

Difficulty:

easy

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman-selinux/pull/76

Fixed in Releases:

Found in Releases:

Foreman - 1.7.2

Red Hat JIRA:

Description

The memcached plugin is not working because passenger is not allowed to connect memcache_port_t

Reproduce:

Just install the ruby193-rubygem-foreman_memcache package and configure it to localhost
login on Foreman

Result:

In production log: DalliError: No server available
selinux logs: ruby system_u:system_r:passenger_t:s0 42 tcp_socket name_connect system_u:object_r:memcache_port_t:s0 denied 16180

Solutions

setsebool -P passenger_can_connect_all=on (personally my last resort solution)
Create a selinux module (See below)

module passenger_can_connect_memcache 1.0;

require {
        type passenger_t;
        type memcache_port_t;
        class tcp_socket name_connect;
}

#============= passenger_t ==============

#!!!! This avc can be allowed using the boolean 'passenger_can_connect_all'
allow passenger_t memcache_port_t:tcp_socket name_connect;

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » SELinux

Custom queries

Bug #9407

memcached plugin not working with selinux enabled

Updated by Dominic Cleal about 9 years ago

Updated by The Foreman Bot over 6 years ago

Updated by Anonymous over 6 years ago

Updated by Lukas Zapletal almost 6 years ago

Updated by Lukas Zapletal almost 6 years ago

Updated by Anonymous almost 6 years ago