Closed bianchidotdev closed 1 month ago
Can confirm that on my install of ucore:stable
it's same
Same issue here, I just set up a fresh VM and bootstrapped from CoreOS today and issue only exists after rebasing to ucore-hci:stable
.
FYI the SELinux error log is:
type=AVC msg=audit(1718489462.110:101): avc: denied { add_name } for pid=1375 comm="(gssproxy)" name="clients" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:gssproxy_var_lib_t:s0 tclass=dir permissive=0
In cockpit, there is a solution provided:
ausearch -c '(gssproxy)' --raw | audit2allow -M my-gssproxy
semodule -X 300 -i my-gssproxy.pp
This seems to fix the gssproxy.service. Caution: I have no idea how SELinux works or if this is a bad idea...
FYI the SELinux error log is:
type=AVC msg=audit(1718489462.110:101): avc: denied { add_name } for pid=1375 comm="(gssproxy)" name="clients" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:gssproxy_var_lib_t:s0 tclass=dir permissive=0
In cockpit, there is a solution provided:
ausearch -c '(gssproxy)' --raw | audit2allow -M my-gssproxy semodule -X 300 -i my-gssproxy.pp
This seems to fix the gssproxy.service. Caution: I have no idea how SELinux works or if this is a bad idea...
I was able to start the service after following the command to add gssproxy auditing and installing the module in SE linux (At least that is what I gather from the above command).
Upon upgrade to ucore:stable version 40.20240504.3.0 from 39.20240407.3.0, I'm getting a systemd error for gssproxy. I'm struggling figuring out if this is specific to ucore or a more general CoreOS issue, but I thought I'd start here since it looks like it might be brought in with
nfs-utils
.Unfortunately, I'm a noob when it comes to SELinux, but by momentarily disabling selinux and restarting gssproxy, it was able to create the necessary files/directory and now seems to run successfully. I'm not sure what the real solution would be though.