SDP-562 | Support SELinux in enforcing mode on RHEL 8/CentOS 8/Rocky Linux 8.

Add support for SELinux ("Security Enhanced Linux") in enforcing mode on RHEL 8, CentOS 8, and Rocky Linux 8.

With implementation of SDP-350, SDP added support for SELinux in enforcing mode. This works with RHEL/CentOS 6 and 7, as well as Ubuntu 18.04 and 20.04. However, changes in SELinux in RHEL, and thus CentOS 8 and Rocky Linux 8, cause the systemd unit files packaged with the SDP to be unable to start the p4d process if SELinux is enabled in enforcing mode.

=== Sample Failure ===

As perforce@helix-centos8.p4demo.com:

$ sudo systemctl start p4d_1
Job for p4d_1.service failed because the control process exited with error code.
See "systemctl status p4d_1.service" and "journalctl -xe" for details.

$ journalctl -xe
<excerpt of output>
-- Unit p4d_1.service has begun starting up.
Oct 08 12:47:31 helix-centos8.p4demo.com systemd[18518]: p4d_1.service: Failed to execute command: Permission denied
Oct 08 12:47:31 helix-centos8.p4demo.com systemd[18518]: p4d_1.service: Failed at step EXEC spawning /p4/1/bin/p4d_1_init: Permission>
-- Subject: Process /p4/1/bin/p4d_1_init could not be executed

This seems to be due to new SELinux behavior in CentOS 8, as the SDP systemd 'unit' files are known to work with SELinux in enforcing on other OS versions. A review of RHEL release notes indicates significant changes were made to SELinux for RHEL 8. A bit of Googling indicates SELinux changes on RHEL/CentOS 8 can break systemd unit files if SELinux is enabled in enforcing mode.

Links:
* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/8.0_release_notes/index
* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/using_selinux/index