Server error when trying to log in ClusterControl

Comments

3 comments

  • Avatar
    Florin Samareanu

    Some logs might be required. Does the error come after disabling selinux using setenforce 0 ?

    0
    Comment actions Permalink
  • Avatar
    Raf van de Vreugde

    Yes it does.
    Which logs are needed?

     

    0
    Comment actions Permalink
  • Avatar
    Raf van de Vreugde

    Got it working after this:

    ausearch -m avc -ts today
    cat /var/log/audit/audit.log | audit2why
    ausearch --raw | grep httpd | audit2allow -M cluco_httpd
    semodule -i cluco_httpd
    reboot

    Command result of ausearch -m avc -ts today

    type=AVC msg=audit(1698852940.086:27): avc:  denied  { name_bind } for  pid=788 comm="httpd" src=19501 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0

        Was caused by:
            Unknown - would be allowed by active policy
            Possible mismatch between this policy and the one under which the audit message was generated.

            Possible mismatch between current in-memory boolean settings vs. permanent ones.

    And for cat /var/log/audit/audit.log | audit2why

    type=AVC msg=audit(1698854556.445:124): avc:  denied  { name_connect } for  pid=848 comm="httpd" dest=9501 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0

        Was caused by:
        One of the following booleans was set incorrectly.
        Description:
        Allow httpd to can network connect

        Allow access by executing:
        # setsebool -P httpd_can_network_connect 1
        Description:
        Allow nis to enabled

        Allow access by executing:
        # setsebool -P nis_enabled 1

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk