Selinux problem: invalid selinux context
Hi,
I am having problems when I use the template module over a ZFS filesystem with NFS mounted with a selinux context for Apache.
The command is the following:
- name: Base Files - template /cluster/default/apache/created/index.html.j2
  template: src=cluster/default/apache/created/index.html.j2 dest=/cluster/default/apache/created/index.html owner=apache group=apache mode=0644
I have also used:
- name: Base Files - template /cluster/default/apache/created/index.html.j2
  template: src=cluster/default/apache/created/index.html.j2 dest=/cluster/default/apache/created/index.html owner=apache group=apache mode=0644 selevel="s0" serole="object_r" seuser="system_u" setype="httpd_sys_content_t"
The context and content of the folder are the following:
[root@cp-dev02 apache]# ls -laZ created/
drwxr-xr-x. 80 80 system_u:object_r:httpd_sys_content_t:s0 .
drwxr-xr-x. 80 80 system_u:object_r:httpd_sys_content_t:s0 ..
-rw-------. root 80 system_u:object_r:httpd_sys_content_t:s0 .index.html.15770.1389707624.44
-rw-------. root 80 system_u:object_r:httpd_sys_content_t:s0 .index.html.16057.1389711860.52
(... more hidden files of each try...)
cat /etc/fstab:
10.199.3.26:/mnt/tank/cluster/default /cluster/default nfs defaults,nolock,noatime,nodiratime,actimeo=3,context=system_u:object_r:httpd_sys_content_t:s0 0 0
TASK: [control | Base Files - template /cluster/default/apache/created/index.html.j2] ***
<10.199.3.26> ESTABLISH CONNECTION FOR USER: root
<10.199.3.26> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/pablo/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', '10.199.3.26', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1389782629.68-141511421134203 && echo $HOME/.ansible/tmp/ansible-tmp-1389782629.68-141511421134203'"]
<10.199.3.26> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/pablo/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', '10.199.3.26', u'/bin/sh -c \'rc=0; [ -r "/cluster/default/apache/created/index.html" ] || rc=2; [ -f "/cluster/default/apache/created/index.html" ] || rc=1; [ -d "/cluster/default/apache/created/index.html" ] && rc=3; (/usr/bin/md5sum /cluster/default/apache/created/index.html 2>/dev/null) || (/sbin/md5sum -q /cluster/default/apache/created/index.html 2>/dev/null) || (/usr/bin/digest -a md5 /cluster/default/apache/created/index.html 2>/dev/null) || (/sbin/md5 -q /cluster/default/apache/created/index.html 2>/dev/null) || (/usr/bin/md5 -n /cluster/default/apache/created/index.html 2>/dev/null) || (/bin/md5 -q /cluster/default/apache/created/index.html 2>/dev/null) || (/usr/bin/csum -h MD5 /cluster/default/apache/created/index.html 2>/dev/null) || (echo "${rc} /cluster/default/apache/created/index.html")\'']
<10.199.3.26> PUT /tmp/tmpDrpzWD TO /root/.ansible/tmp/ansible-tmp-1389782629.68-141511421134203/source
<10.199.3.26> PUT /tmp/tmpG6Gy6a TO /root/.ansible/tmp/ansible-tmp-1389782629.68-141511421134203/copy
<10.199.3.26> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/pablo/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=root', '-o', 'ConnectTimeout=10', '10.199.3.26', "/bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1389782629.68-141511421134203/copy; rm -rf /root/.ansible/tmp/ansible-tmp-1389782629.68-141511421134203/ >/dev/null 2>&1'"]
failed: [10.199.3.26] => {"cur_context": ["system_u", "object_r", "httpd_sys_content_t", "s0"], "failed": true, "gid": 80, "group": "80", "input_was": ["system_u", "object_r", "default_t", "s0"], "item": "", "mode": "0600", "new_context": ["system_u", "object_r", "default_t", "s0"], "owner": "root", "path": "/cluster/default/apache/created/.index.html.16728.1389782630.08", "secontext": "system_u:object_r:httpd_sys_content_t:s0", "size": 827, "state": "file", "uid": 0}
msg: invalid selinux context
FATAL: all hosts have already failed -- aborting
Environment:
-ansible-playbook --version: ansible-playbook 1.5
-yum info libselinux-python: installed
-running ansible from: Fedora Core 19, 3.12.6-200.fc19.x86_64
-running ansible over: CentOS 6, 2.6.32-431.3.1.el6.x86_64
-python --version: Python 2.7.5
Note: if I template the file to /tmp and then copy it with the cp command from /tmp to the folder that I want, it works and it preserves the context and permissions.
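
An added example, not part of the original report and not Ansible code: a small Python check run over the fstab entry and the failure record quoted above. It shows that the temporary file already carries the label forced by the `context=` mount option and that the only requested change is the type, to `default_t`; a filesystem mounted with `context=` applies that one label to every file and does not accept per-file relabeling. The function names `context_mounts` and `explain` are hypothetical.

```python
import json

# Inputs copied from the report: the fstab entry and the module's failure record.
FSTAB = ("10.199.3.26:/mnt/tank/cluster/default /cluster/default nfs "
         "defaults,nolock,noatime,nodiratime,actimeo=3,"
         "context=system_u:object_r:httpd_sys_content_t:s0 0 0")
FAILURE = json.loads("""
{"cur_context": ["system_u", "object_r", "httpd_sys_content_t", "s0"],
 "new_context": ["system_u", "object_r", "default_t", "s0"],
 "path": "/cluster/default/apache/created/.index.html.16728.1389782630.08"}
""")
FIELDS = ("user", "role", "type", "level")


def context_mounts(fstab_text):
    """Map mount point -> [user, role, type, level] for entries using context=."""
    mounts = {}
    for line in fstab_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0].startswith("#"):
            continue
        # Simple split: assumes the level has no comma-separated category list.
        for opt in parts[3].split(","):
            if opt.startswith("context="):
                mounts[parts[1]] = opt[len("context="):].strip('"').split(":", 3)
    return mounts


def explain(failure, mounts):
    """Compare a failed relabel request with the label forced by its mount."""
    path = failure["path"]
    hits = [m for m in mounts if path.startswith(m.rstrip("/") + "/")]
    if not hits:
        return None  # path is not on a context= mount
    mount = max(hits, key=len)  # most specific mount point
    changes = {f: (cur, new) for f, cur, new in
               zip(FIELDS, failure["cur_context"], failure["new_context"])
               if cur != new}
    return {"mount": mount,
            "forced": mounts[mount],
            "already_mount_label": failure["cur_context"] == mounts[mount],
            "requested_change": changes}


if __name__ == "__main__":
    print(json.dumps(explain(FAILURE, context_mounts(FSTAB)), indent=2))
```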