#48293 start-ds-admin and dirsrv-admin.service start httpd under different SELinux contexts
Closed: wontfix. Opened 8 years ago by vashirov.

Description of problem:
start-ds-admin and dirsrv-admin.service start httpd under different SELinux contexts. This causes the pidfile and socket to be created with different labels, which makes it impossible to restart the Admin server from the GUI Console.

/usr/sbin/start-ds-admin:
if [ -z "yes" ] ; then
    if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
        SELINUX_CMD="runcon -t unconfined_t --"
    fi
fi

$SELINUX_CMD $HTTPD $OMIT_DEFLATE -k start -f /etc/dirsrv/admin-serv/httpd.conf "$@"

Version-Release number of selected component (if applicable):
389-admin-1.1.42-1.el7dsrv.x86_64

How reproducible:
always

Steps to Reproduce:
1. start Admin server using start-ds-admin
2. stop Admin server
3. start Admin server using systemctl start dirsrv-admin

Actual results:

# start-ds-admin 
# ps -Zaux | grep [h]ttpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 8308 0.0  0.1 165132 3028 ? Ss 17:14   0:00 /usr/sbin/httpd -k start -f /etc/dirsrv/admin-serv/httpd.conf
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 8310 0.0  0.1 165116 2104 ? S 17:14   0:00 /usr/sbin/httpd -k start -f /etc/dirsrv/admin-serv/httpd.conf
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 nobody 8311 0.0  0.3 771604 6144 ? Sl 17:14   0:00 /usr/sbin/httpd -k start -f /etc/dirsrv/admin-serv/httpd.conf
# ls /var/run/dirsrv/admin-serv.pid -laZ
-rw-r--r--. root root unconfined_u:object_r:dirsrv_var_run_t:s0 /var/run/dirsrv/admin-serv.pid


# systemctl start dirsrv-admin
# ps -Zaux | grep [h]ttpd
system_u:system_r:httpd_t:s0    root      8226  0.0  0.1 165132  3020 ?        Ss   17:13   0:00 /usr/sbin/httpd -k start -f /etc/dirsrv/admin-serv/httpd.conf
system_u:system_r:httpd_t:s0    root      8227  0.0  0.1 165116  2100 ?        S    17:13   0:00 /usr/sbin/httpd -k start -f /etc/dirsrv/admin-serv/httpd.conf
system_u:system_r:httpd_t:s0    nobody    8228  0.0  0.3 771604  6136 ?        Sl   17:13   0:00 /usr/sbin/httpd -k start -f /etc/dirsrv/admin-serv/httpd.conf
# ls /var/run/dirsrv/admin-serv.pid -laZ
-rw-r--r--. root root system_u:object_r:dirsrv_var_run_t:s0 /var/run/dirsrv/admin-serv.pid

Expected results:
start-ds-admin should not use unconfined_t for httpd.
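
Added example, not part of the original ticket or of the 389 project's code: a POSIX shell check that reads `ps -Zaux` output and lists Admin Server httpd processes running outside the expected SELinux domain. The function names, the `EXPECTED_TYPE` value (assumed from the systemctl output above) and the third sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag Admin Server httpd processes whose SELinux domain
# differs from the one seen when the service is started by systemd.

ADMIN_CONF=/etc/dirsrv/admin-serv/httpd.conf
EXPECTED_TYPE=httpd_t   # assumption: domain shown in the ticket's systemctl output

# selinux_type CONTEXT -> type field of user:role:type:level
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# mismatched_pids: reads `ps -Zaux`-style lines on stdin and prints
# "PID TYPE" for each httpd started with ADMIN_CONF that is not in EXPECTED_TYPE.
mismatched_pids() {
    while read -r ctx user pid rest; do
        case "$rest" in
            *"httpd "*"-f $ADMIN_CONF"*) ;;   # Admin Server instance
            *) continue ;;                    # header line or other process
        esac
        t=$(selinux_type "$ctx")
        [ "$t" = "$EXPECTED_TYPE" ] || printf '%s %s\n' "$pid" "$t"
    done
}

# sample_ps: the first two lines are from the ticket's output; the third is
# constructed to show that an httpd using another configuration is ignored.
sample_ps() {
    cat <<'EOF'
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 8308 0.0 0.1 165132 3028 ? Ss 17:14 0:00 /usr/sbin/httpd -k start -f /etc/dirsrv/admin-serv/httpd.conf
system_u:system_r:httpd_t:s0 root 8226 0.0 0.1 165132 3020 ? Ss 17:13 0:00 /usr/sbin/httpd -k start -f /etc/dirsrv/admin-serv/httpd.conf
system_u:system_r:httpd_t:s0 root 9001 0.0 0.1 165132 3020 ? Ss 17:13 0:00 /usr/sbin/httpd -DFOREGROUND
EOF
}

# check_live: run the same check against the running system.
check_live() {
    ps -Zaux | mismatched_pids
}
```

`sample_ps | mismatched_pids` reports the process started by start-ds-admin; `check_live` prints nothing when every Admin Server httpd is in the expected domain.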


Note: Milestone is up to the SELinux policy fix.

The selinux policy will be fixed in RHEL 7.3 (aka 1.3.5), closing ticket...

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.5.0

7 years ago

389-ds-base is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in 389-ds-base's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/389ds/389-ds-base/issues/1624

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago
