Add info for systemd based distros by stratakis · Pull Request #583

Add info for systemd based distros by stratakis · Pull Request #583 · python/devguide

stratakis May 21, 2020
Author

So after following the instructions on the buildbot worker page to set it up and creating the systemd unit files, when trying to start the service, initially this error message is show (date/time is trimmed out):

`
Following twistd.log until startup finished..
AVC avc: denied { read } for pid=1 comm="systemd" name="twistd.pid" dev="dm-0" ino=25387713 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0

AVC avc: denied { read } for pid=1 comm="systemd" name="twistd.pid" dev="dm-0" ino=25387713 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0

localhost systemd[1]: buildbot-worker.service: Can't convert PID files /home/buildbot/buildarea/twistd.pid O_PATH file descriptor to proper file descriptor: Permission denied

localhost setroubleshoot[1489084]: SELinux is preventing systemd from read access on the file twistd.pid. For complete SELinux messages run: sealert -l 57d3c874-be75-46f6-82c9-3680ac54002c

localhost python3[1489084]: SELinux is preventing systemd from read access on the file twistd.pid.#12#012***** Plugin catchall (100. confidence) suggests **************************#12#012
If you believe that systemd should be allowed read access on the twistd.pid file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#12# ausearch -c 'systemd' --raw | audit2allow -M my-systemd#012# semodule -X 300 -i my-systemd.pp#012

localhost setroubleshoot[1489084]: SELinux is preventing systemd from read access on the file twistd.pid. For complete SELinux messages run: sealert -l 57d3c874-be75-46f6-82c9-3680ac54002c

localhost python3[1489084]: SELinux is preventing systemd from read access on the file twistd.pid.#12#012***** Plugin catchall (100. confidence) suggests **************************#12#012If you believe that systemd should be allowed read access on the twistd.pid file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#12# ausearch -c 'systemd' --raw | audit2allow -M my-systemd#012# semodule -X 300 -i my-systemd.pp#012
`
After adjusting the policy, another error comes up:

`
Following twistd.log until startup finished..

localhost audit[1]: AVC avc: denied { open } for pid=1 comm="systemd" path="/home/buildbot/buildarea/twistd.pid" dev="dm-0" ino=25387713 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0

localhost systemd[1]: buildbot-worker.service: Can't convert PID files /home/buildbot/buildarea/twistd.pid O_PATH file descriptor to proper file descriptor: Permission denied

localhost setroubleshoot[8714]: SELinux is preventing systemd from open access on the file /home/buildbot/buildarea/twistd.pid. For complete SELinux messages run: sealert -l 3d54c639-fea4-4a18-be47-c5fe1d57a02a

localhost python3[8714]: SELinux is preventing systemd from open access on the file /home/buildbot/buildarea/twistd.pid.#012#012***** Plugin catchall (100. confidence) suggests **************************#12#012If you believe that systemd should be allowed open access on the twistd.pid file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#12# ausearch -c 'systemd' --raw | audit2allow -M my-systemd#012# semodule -X 300 -i my-systemd.pp#012`

After allowing that as well, the service starts normally.

stratakis May 21, 2020 Author

stratakis May 21, 2020
Author