Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sun, 02 Aug 2015 18:07:52
Message-Id: 1438538749.bf421d08e93e0e098620587655d9326d826f4a5d.swift@gentoo
1 commit: bf421d08e93e0e098620587655d9326d826f4a5d
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Sun Aug 2 18:05:49 2015 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Sun Aug 2 18:05:49 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bf421d08
7
8 Salt minion requires execute rights on init to start
9
10 Without execute rights, the salt minion continuously restarts with the
11 following in the log:
12
13 2015-08-02 20:02:57,671 [salt.scripts ][INFO ][30383] Sleeping random_reauth_delay of 6 seconds
14 2015-08-02 20:03:13,558 [salt.cli.daemons ][INFO ][30833] Setting up the Salt Minion "salt.internal.genfic.local"
15 2015-08-02 20:03:13,913 [salt.utils.process][DEBUG ][30833] Created pidfile: /var/run/salt-minion.pid
16 2015-08-02 20:03:13,914 [salt.config ][DEBUG ][30833] Reading configuration from /etc/salt/minion
17 2015-08-02 20:03:13,915 [salt.config ][DEBUG ][30833] Including configuration from '/etc/salt/minion.d/_schedule.conf'
18 2015-08-02 20:03:13,915 [salt.config ][DEBUG ][30833] Reading configuration from /etc/salt/minion.d/_schedule.conf
19 2015-08-02 20:03:14,188 [salt.utils ][TRACE ][30833] 'init' could not be found in the following search path: ['/bin', '/sbin', '/bin', '/sbin', '/usr/bin', '/usr/sbin', '/usr/bin', '/usr/sbin', '/usr/local/bin', '/usr/local/sbin', '/opt/bin', '/usr/x86_64-pc-linux-gnu/gcc-bin/4.8.4']
20 2015-08-02 20:03:14,189 [salt.cli.daemons ][INFO ][30833] The salt minion is shut down
21 2015-08-02 20:03:14,190 [salt.scripts ][ERROR ][30833] coercing to Unicode: need string or buffer, NoneType found
22 2015-08-02 20:03:14,190 [salt.scripts ][WARNING ][30833] ** Restarting minion **
23
24 The denial:
25
26 type=AVC msg=audit(1438538594.186:99014): avc: denied { execute } for pid=30833 comm="salt-minion" name="init" dev="vda3" ino=2900377 scontext=system_u:system_r:salt_minion_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file permissive=0
27
28 policy/modules/contrib/salt.te | 1 +
29 1 file changed, 1 insertion(+)
30
31 diff --git a/policy/modules/contrib/salt.te b/policy/modules/contrib/salt.te
32 index ab19bf7..c00aa50 100644
33 --- a/policy/modules/contrib/salt.te
34 +++ b/policy/modules/contrib/salt.te
35 @@ -288,6 +288,7 @@ fstools_domtrans(salt_minion_t)
36
37 getty_use_fds(salt_minion_t)
38
39 +init_exec(salt_minion_t)
40 init_exec_rc(salt_minion_t)
41
42 miscfiles_read_localization(salt_minion_t)
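Review bot: the added init_exec(salt_minion_t) line carries no comment saying why the minion needs it, and the evidence in the commit message reads as a lookup of init rather than a run of it: the TRACE line reports that 'init' could not be found in the search path, and the AVC denies only { execute } on init_exec_t. Suggest a short comment above the line recording that salt-minion probes for an executable init at startup, and checking whether a rule limited to the denied execute permission on init_exec_t would be enough. Because the denial was logged with permissive=0, it is also worth confirming in the commit message that no further denials appear once this one is allowed.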