Segmentation fault when running Puppet Installation Manager (PIM) wizard on RHEL9 with SELinux Enforced - Githubissues

puppetlabs / puppet-enterprise_issues

This repository will allow public community members to file bug reports against Puppet Enterprise

1 stars 0 forks source link

Segmentation fault when running Puppet Installation Manager (PIM) wizard on RHEL9 with SELinux Enforced #29

Open jortencio opened 2 months ago

jortencio commented 2 months ago

Describe the Bug

When running PIM on RHEL 9 with SELinux Enforced, a segmentation fault is encountered:

Expected Behavior

Expect to start up the PIM Wizard

Steps to Reproduce

Download PIM for Linux from https://www.puppet.com/downloads/puppet-installation-manager-beta on RHEL9 host with SELinux enforced (default) curl -JLO https://downloads.puppetlabs.com/pim/puppet-installation-manager-v1.1.1-linux.zip
Unzip the zip file unzip puppet-installation-manager-v1.1.1-linux.zip
Run the PIM Wizard ./pim wizard

Environment

PIM Version: 1.1.1
Platform: Red Hat Enterprise Linux 9

Additional Context

I had some suspicions that it might be related to SELinux so I checked the audit log (/var/log/audit/audit.log) and found the following:

type=AVC msg=audit(1713315574.982:351): avc:  denied  { execmod } for  pid=13856 comm="pim" path="/root/pim_project/pim" dev="xvda4" ino=92285117 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0

As a workaround to allow PIM to run, I've followed the suggestion from sealert:

# ausearch -c 'pim' --raw | audit2allow -M my-pim
# semodule -i my-pim.pp

github-actions[bot] commented 2 months ago

Migrated issue to PE-38150