Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rootless Podman - SELinux Relabelling Issue #22476

Closed
elpepino89 opened this issue Apr 23, 2024 · 2 comments
Closed

Rootless Podman - SELinux Relabelling Issue #22476

elpepino89 opened this issue Apr 23, 2024 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@elpepino89
Copy link

elpepino89 commented Apr 23, 2024
edited
Loading

Issue Description

I am using a rootless podman container, which gets access denied errors when trying to initialize the data structure on a named volume. In the selinux log there are entries like:

[...]
----
time->Tue Apr 23 18:35:32 2024
type=PROCTITLE msg=audit(1713890132.640:337903): proctitle=2F6F6D642F76657273696F6E732F322E322E307032352E6372652F62696E2F707974686F6E33002F7573722F62696E2F6F6D6400637265617465002D2D6E6F2D746D706673002D750031303030002D670031303030002D2D61646D696E2D70617373776F72640000636D6B
type=SYSCALL msg=audit(1713890132.640:337903): arch=c000003e syscall=188 success=no exit=-13 a0=7fba805f4410 a1=7fba805dbe50 a2=7fba80601e50 a3=1e items=0 ppid=844223 pid=844227 auid=1004 uid=1004 gid=1004 euid=1004 suid=1004 fsuid=1004 egid=1004 sgid=1004 fsgid=1004 tty=pts0 ses=19376 comm="omd" exe="/opt/omd/versions/2.2.0p25.cre/bin/python3.11" subj=system_u:system_r:container_t:s0:c746,c755 key=(null)
type=AVC msg=audit(1713890132.640:337903): avc:  denied  { relabelto } for  pid=844227 comm="omd" name="python3" dev="md2" ino=10889591 scontext=system_u:system_r:container_t:s0:c746,c755 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir permissive=0
----
time->Tue Apr 23 18:35:32 2024
type=PROCTITLE msg=audit(1713890132.640:337904): proctitle=2F6F6D642F76657273696F6E732F322E322E307032352E6372652F62696E2F707974686F6E33002F7573722F62696E2F6F6D6400637265617465002D2D6E6F2D746D706673002D750031303030002D670031303030002D2D61646D696E2D70617373776F72640000636D6B
type=SYSCALL msg=audit(1713890132.640:337904): arch=c000003e syscall=189 success=no exit=-13 a0=7fba805f43b0 a1=7fba806019d0 a2=7fba80601b90 a3=1e items=0 ppid=844223 pid=844227 auid=1004 uid=1004 gid=1004 euid=1004 suid=1004 fsuid=1004 egid=1004 sgid=1004 fsgid=1004 tty=pts0 ses=19376 comm="omd" exe="/opt/omd/versions/2.2.0p25.cre/bin/python3.11" subj=system_u:system_r:container_t:s0:c746,c755 key=(null)
type=AVC msg=audit(1713890132.640:337904): avc:  denied  { relabelto } for  pid=844227 comm="omd" name="check_mk" dev="md2" ino=10889601 scontext=system_u:system_r:container_t:s0:c746,c755 tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file permissive=0
----
time->Tue Apr 23 18:35:32 2024
type=PROCTITLE msg=audit(1713890132.640:337905): proctitle=2F6F6D642F76657273696F6E732F322E322E307032352E6372652F62696E2F707974686F6E33002F7573722F62696E2F6F6D6400637265617465002D2D6E6F2D746D706673002D750031303030002D670031303030002D2D61646D696E2D70617373776F72640000636D6B
type=SYSCALL msg=audit(1713890132.640:337905): arch=c000003e syscall=188 success=no exit=-13 a0=7fba805f41d0 a1=7fba806019d0 a2=7fba80601b90 a3=1e items=0 ppid=844223 pid=844227 auid=1004 uid=1004 gid=1004 euid=1004 suid=1004 fsuid=1004 egid=1004 sgid=1004 fsgid=1004 tty=pts0 ses=19376 comm="omd" exe="/opt/omd/versions/2.2.0p25.cre/bin/python3.11" subj=system_u:system_r:container_t:s0:c746,c755 key=(null)
type=AVC msg=audit(1713890132.640:337905): avc:  denied  { relabelto } for  pid=844227 comm="omd" name="python" dev="md2" ino=10889602 scontext=system_u:system_r:container_t:s0:c746,c755 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir permissive=0
----
time->Tue Apr 23 18:35:32 2024
type=PROCTITLE msg=audit(1713890132.640:337906): proctitle=2F6F6D642F76657273696F6E732F322E322E307032352E6372652F62696E2F707974686F6E33002F7573722F62696E2F6F6D6400637265617465002D2D6E6F2D746D706673002D750031303030002D670031303030002D2D61646D696E2D70617373776F72640000636D6B
type=SYSCALL msg=audit(1713890132.640:337906): arch=c000003e syscall=188 success=no exit=-13 a0=7fba805d2a30 a1=7fba806019d0 a2=7fba80601e50 a3=1e items=0 ppid=844223 pid=844227 auid=1004 uid=1004 gid=1004 euid=1004 suid=1004 fsuid=1004 egid=1004 sgid=1004 fsgid=1004 tty=pts0 ses=19376 comm="omd" exe="/opt/omd/versions/2.2.0p25.cre/bin/python3.11" subj=system_u:system_r:container_t:s0:c746,c755 key=(null)
type=AVC msg=audit(1713890132.640:337906): avc:  denied  { relabelto } for  pid=844227 comm="omd" name="lib" dev="md2" ino=10889587 scontext=system_u:system_r:container_t:s0:c746,c755 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir permissive=0
----
time->Tue Apr 23 18:35:32 2024
type=PROCTITLE msg=audit(1713890132.641:337907): proctitle=2F6F6D642F76657273696F6E732F322E322E307032352E6372652F62696E2F707974686F6E33002F7573722F62696E2F6F6D6400637265617465002D2D6E6F2D746D706673002D750031303030002D670031303030002D2D61646D696E2D70617373776F72640000636D6B
type=SYSCALL msg=audit(1713890132.641:337907): arch=c000003e syscall=188 success=no exit=-13 a0=7fba805d2670 a1=7fba805bbed0 a2=7fba805d88d0 a3=1e items=0 ppid=844223 pid=844227 auid=1004 uid=1004 gid=1004 euid=1004 suid=1004 fsuid=1004 egid=1004 sgid=1004 fsgid=1004 tty=pts0 ses=19376 comm="omd" exe="/opt/omd/versions/2.2.0p25.cre/bin/python3.11" subj=system_u:system_r:container_t:s0:c746,c755 key=(null)
type=AVC msg=audit(1713890132.641:337907): avc:  denied  { relabelto } for  pid=844227 comm="omd" name="local" dev="md2" ino=10889528 scontext=system_u:system_r:container_t:s0:c746,c755 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir permissive=0
----
time->Tue Apr 23 18:35:32 2024
type=PROCTITLE msg=audit(1713890132.641:337908): proctitle=2F6F6D642F76657273696F6E732F322E322E307032352E6372652F62696E2F707974686F6E33002F7573722F62696E2F6F6D6400637265617465002D2D6E6F2D746D706673002D750031303030002D670031303030002D2D61646D696E2D70617373776F72640000636D6B
type=SYSCALL msg=audit(1713890132.641:337908): arch=c000003e syscall=188 success=no exit=-13 a0=7fba805d0910 a1=7fba805b98d0 a2=7fba805bbed0 a3=1e items=0 ppid=844223 pid=844227 auid=1004 uid=1004 gid=1004 euid=1004 suid=1004 fsuid=1004 egid=1004 sgid=1004 fsgid=1004 tty=pts0 ses=19376 comm="omd" exe="/opt/omd/versions/2.2.0p25.cre/bin/python3.11" subj=system_u:system_r:container_t:s0:c746,c755 key=(null)
type=AVC msg=audit(1713890132.641:337908): avc:  denied  { relabelto } for  pid=844227 comm="omd" name="skel" dev="md2" ino=10889290 scontext=system_u:system_r:container_t:s0:c746,c755 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir permissive=0
[...]

Steps to reproduce the issue

Steps to reproduce the issue

  1. running rootless container with podman run --rm -it -v checkmk_sites:/omd/sites/ docker.io/checkmk/check-mk-raw:2.2.0-latest

Describe the results you received

### CREATING SITE 'cmk'
Adding /opt/omd/sites/cmk/tmp to /etc/fstab.
Going to set TMPFS to off.
Traceback (most recent call last):
  File "/usr/bin/omd", line 73, in <module>
    omdlib.main.main()
  File "/omd/versions/2.2.0p25.cre/lib/python3/omdlib/main.py", line 4852, in main
    command.handler(version_info, site, global_opts, args, command_options)
  File "/omd/versions/2.2.0p25.cre/lib/python3/omdlib/main.py", line 2246, in main_create
    admin_password = init_site(version_info, site, global_opts, config_settings, options)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/omd/versions/2.2.0p25.cre/lib/python3/omdlib/main.py", line 2347, in init_site
    save_version_meta_data(site, omdlib.__version__)
  File "/omd/versions/2.2.0p25.cre/lib/python3/omdlib/main.py", line 351, in save_version_meta_data
    shutil.copytree(skelroot, "%s/skel" % site.version_meta_dir, symlinks=True)
  File "/omd/versions/2.2.0p25.cre/lib/python3.11/shutil.py", line 561, in copytree
    return _copytree(entries=entries, src=src, dst=dst, symlinks=symlinks,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/omd/versions/2.2.0p25.cre/lib/python3.11/shutil.py", line 515, in _copytree
    raise Error(errors)
shutil.Error: [(<DirEntry 'share'>, '/omd/sites/cmk/.version_meta/skel/tmp/nagvis/share', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/nagvis/share'"), (<DirEntry 'cache'>, '/omd/sites/cmk/.version_meta/skel/tmp/nagvis/tmpl/cache', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/nagvis/tmpl/cache'"), (<DirEntry 'compile'>, '/omd/sites/cmk/.version_meta/skel/tmp/nagvis/tmpl/compile', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/nagvis/tmpl/compile'"), (<DirEntry 'tmpl'>, '/omd/sites/cmk/.version_meta/skel/tmp/nagvis/tmpl', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/nagvis/tmpl'"), (<DirEntry 'nagvis'>, '/omd/sites/cmk/.version_meta/skel/tmp/nagvis', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/nagvis'"), (<DirEntry 'tmp'>, '/omd/sites/cmk/.version_meta/skel/tmp/nagios/tmp', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/nagios/tmp'"), (<DirEntry 'checkresults'>, '/omd/sites/cmk/.version_meta/skel/tmp/nagios/checkresults', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/nagios/checkresults'"), (<DirEntry 'nagios'>, '/omd/sites/cmk/.version_meta/skel/tmp/nagios', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/nagios'"), (<DirEntry 'wsdl-cache'>, '/omd/sites/cmk/.version_meta/skel/tmp/php/wsdl-cache', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/php/wsdl-cache'"), (<DirEntry 'upload'>, '/omd/sites/cmk/.version_meta/skel/tmp/php/upload', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/php/upload'"), (<DirEntry 'session'>, '/omd/sites/cmk/.version_meta/skel/tmp/php/session', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/php/session'"), (<DirEntry 'php'>, '/omd/sites/cmk/.version_meta/skel/tmp/php', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/php'"), (<DirEntry 'run'>, '/omd/sites/cmk/.version_meta/skel/tmp/apache/run', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/apache/run'"), (<DirEntry 'fcgid_sock'>, '/omd/sites/cmk/.version_meta/skel/tmp/apache/fcgid_sock', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/apache/fcgid_sock'"), (<DirEntry 'apache'>, '/omd/sites/cmk/.version_meta/skel/tmp/apache', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/apache'"), (<DirEntry 'piggyback'>, '/omd/sites/cmk/.version_meta/skel/tmp/check_mk/piggyback', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/check_mk/piggyback'"), (<DirEntry 'counters'>, '/omd/sites/cmk/.version_meta/skel/tmp/check_mk/counters', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/check_mk/counters'"), (<DirEntry 'cache'>, '/omd/sites/cmk/.version_meta/skel/tmp/check_mk/cache', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/check_mk/cache'"), (<DirEntry 'piggyback_sources'>, '/omd/sites/cmk/.version_meta/skel/tmp/check_mk/piggyback_sources', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/check_mk/piggyback_sources'"), (<DirEntry 'check_mk'>, '/omd/sites/cmk/.version_meta/skel/tmp/check_mk', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/check_mk'"), (<DirEntry 'run'>, '/omd/sites/cmk/.version_meta/skel/tmp/run', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/run'"), (<DirEntry 'rrdcached'>, '/omd/sites/cmk/.version_meta/skel/tmp/rrdcached', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/rrdcached'"), (<DirEntry 'lock'>, '/omd/sites/cmk/.version_meta/skel/tmp/lock', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/lock'"), (<DirEntry 'run'>, '/omd/sites/cmk/.version_meta/skel/tmp/pnp4nagios/run', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/pnp4nagios/run'"), (<DirEntry 'lock'>, '/omd/sites/cmk/.version_meta/skel/tmp/pnp4nagios/lock', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/pnp4nagios/lock'"), (<DirEntry 'stats'>, '/omd/sites/cmk/.version_meta/skel/tmp/pnp4nagios/stats', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/pnp4nagios/stats'"), (<DirEntry 'pnp4nagios'>, '/omd/sites/cmk/.version_meta/skel/tmp/pnp4nagios', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp/pnp4nagios'"), (<DirEntry 'tmp'>, '/omd/sites/cmk/.version_meta/skel/tmp', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/tmp'"), ('/omd/versions/2.2.0p25.cre/skel/.modulebuildrc', '/omd/sites/cmk/.version_meta/skel/.modulebuildrc', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/.modulebuildrc'"), ('/omd/versions/2.2.0p25.cre/skel/.profile', '/omd/sites/cmk/.version_meta/skel/.profile', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/.profile'"), ('/omd/versions/2.2.0p25.cre/skel/.bashrc', '/omd/sites/cmk/.version_meta/skel/.bashrc', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/.bashrc'"), (<DirEntry 'profiles'>, '/omd/sites/cmk/.version_meta/skel/var/nagvis/profiles', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/nagvis/profiles'"), (<DirEntry 'nagvis'>, '/omd/sites/cmk/.version_meta/skel/var/nagvis', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/nagvis'"), (<DirEntry 'archive'>, '/omd/sites/cmk/.version_meta/skel/var/nagios/archive', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/nagios/archive'"), (<DirEntry 'nagios'>, '/omd/sites/cmk/.version_meta/skel/var/nagios', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/nagios'"), (<DirEntry 'backup'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/backup', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/backup'"), (<DirEntry 'snmpwalks'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/snmpwalks', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/snmpwalks'"), (<DirEntry 'logwatch'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/logwatch', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/logwatch'"), (<DirEntry 'web'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/web', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/web'"), (<DirEntry 'autochecks'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/autochecks', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/autochecks'"), (<DirEntry 'precompiled'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/precompiled', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/precompiled'"), (<DirEntry 'log'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/wato/log', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/wato/log'"), ('/omd/versions/2.2.0p25.cre/skel/var/check_mk/wato/auth/auth.php', '/omd/sites/cmk/.version_meta/skel/var/check_mk/wato/auth/auth.php', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/wato/auth/auth.php'"), (<DirEntry 'auth'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/wato/auth', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/wato/auth'"), (<DirEntry 'snapshots'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/wato/snapshots', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/wato/snapshots'"), (<DirEntry 'wato'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/wato', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/wato'"), (<DirEntry 'persisted'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/persisted', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/persisted'"), (<DirEntry 'crashes'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/crashes', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/crashes'"), (<DirEntry 'packages'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk/packages', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk/packages'"), (<DirEntry 'check_mk'>, '/omd/sites/cmk/.version_meta/skel/var/check_mk', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/check_mk'"), (<DirEntry 'ssl'>, '/omd/sites/cmk/.version_meta/skel/var/ssl', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/ssl'"), (<DirEntry 'agent-receiver'>, '/omd/sites/cmk/.version_meta/skel/var/log/agent-receiver', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/log/agent-receiver'"), (<DirEntry 'apache'>, '/omd/sites/cmk/.version_meta/skel/var/log/apache', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/log/apache'"), (<DirEntry 'mkeventd'>, '/omd/sites/cmk/.version_meta/skel/var/log/mkeventd', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/log/mkeventd'"), (<DirEntry 'log'>, '/omd/sites/cmk/.version_meta/skel/var/log', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/log'"), (<DirEntry 'monitoring-plugins'>, '/omd/sites/cmk/.version_meta/skel/var/monitoring-plugins', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/monitoring-plugins'"), (<DirEntry 'www'>, '/omd/sites/cmk/.version_meta/skel/var/www', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/www'"), (<DirEntry 'rrdcached'>, '/omd/sites/cmk/.version_meta/skel/var/rrdcached', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/rrdcached'"), (<DirEntry 'spool'>, '/omd/sites/cmk/.version_meta/skel/var/pnp4nagios/spool', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/pnp4nagios/spool'"), (<DirEntry 'log'>, '/omd/sites/cmk/.version_meta/skel/var/pnp4nagios/log', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/pnp4nagios/log'"), (<DirEntry 'perfdata'>, '/omd/sites/cmk/.version_meta/skel/var/pnp4nagios/perfdata', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/pnp4nagios/perfdata'"), (<DirEntry 'stats'>, '/omd/sites/cmk/.version_meta/skel/var/pnp4nagios/stats', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/pnp4nagios/stats'"), (<DirEntry 'pnp4nagios'>, '/omd/sites/cmk/.version_meta/skel/var/pnp4nagios', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/pnp4nagios'"), (<DirEntry 'redis'>, '/omd/sites/cmk/.version_meta/skel/var/redis', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var/redis'"), (<DirEntry 'var'>, '/omd/sites/cmk/.version_meta/skel/var', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/var'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagvis/conf.d/demo.ini.php', '/omd/sites/cmk/.version_meta/skel/etc/nagvis/conf.d/demo.ini.php', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagvis/conf.d/demo.ini.php'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagvis/conf.d/omd.ini.php', '/omd/sites/cmk/.version_meta/skel/etc/nagvis/conf.d/omd.ini.php', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagvis/conf.d/omd.ini.php'"), (<DirEntry 'conf.d'>, '/omd/sites/cmk/.version_meta/skel/etc/nagvis/conf.d', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagvis/conf.d'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagvis/apache.conf', '/omd/sites/cmk/.version_meta/skel/etc/nagvis/apache.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagvis/apache.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagvis/nagvis.ini.php', '/omd/sites/cmk/.version_meta/skel/etc/nagvis/nagvis.ini.php', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagvis/nagvis.ini.php'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagvis/geomap/demo-locations.csv', '/omd/sites/cmk/.version_meta/skel/etc/nagvis/geomap/demo-locations.csv', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagvis/geomap/demo-locations.csv'"), (<DirEntry 'geomap'>, '/omd/sites/cmk/.version_meta/skel/etc/nagvis/geomap', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagvis/geomap'"), (<DirEntry 'maps'>, '/omd/sites/cmk/.version_meta/skel/etc/nagvis/maps', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagvis/maps'"), (<DirEntry 'nagvis'>, '/omd/sites/cmk/.version_meta/skel/etc/nagvis', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagvis'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/conf.d/check_mk_templates.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/conf.d/check_mk_templates.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/conf.d/check_mk_templates.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/conf.d/templates.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/conf.d/templates.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/conf.d/templates.cfg'"), (<DirEntry 'conf.d'>, '/omd/sites/cmk/.version_meta/skel/etc/nagios/conf.d', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/conf.d'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/resource.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/resource.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/resource.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/ssi/README', '/omd/sites/cmk/.version_meta/skel/etc/nagios/ssi/README', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/ssi/README'"), (<DirEntry 'ssi'>, '/omd/sites/cmk/.version_meta/skel/etc/nagios/ssi', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/ssi'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/config.inc.php', '/omd/sites/cmk/.version_meta/skel/etc/nagios/config.inc.php', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/config.inc.php'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/cgi.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/cgi.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/cgi.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/dependency.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/dependency.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/dependency.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/obsess.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/obsess.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/obsess.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/freshness.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/freshness.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/freshness.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/retention.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/retention.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/retention.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/omd.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/omd.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/omd.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/tuning.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/tuning.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/tuning.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/flapping.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/flapping.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/flapping.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/timing.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/timing.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/timing.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/misc.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/misc.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/misc.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/eventhandler.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/eventhandler.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/eventhandler.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/logging.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/logging.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/logging.cfg'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.d/mk-livestatus.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/mk-livestatus.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d/mk-livestatus.cfg'"), (<DirEntry 'nagios.d'>, '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.d'"), ('/omd/versions/2.2.0p25.cre/skel/etc/nagios/nagios.cfg', '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios/nagios.cfg'"), (<DirEntry 'nagios'>, '/omd/sites/cmk/.version_meta/skel/etc/nagios', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/nagios'"), ('/omd/versions/2.2.0p25.cre/skel/etc/auth.secret', '/omd/sites/cmk/.version_meta/skel/etc/auth.secret', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/auth.secret'"), ('/omd/versions/2.2.0p25.cre/skel/etc/stunnel/conf.d/01-livestatus.conf', '/omd/sites/cmk/.version_meta/skel/etc/stunnel/conf.d/01-livestatus.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/stunnel/conf.d/01-livestatus.conf'"), (<DirEntry 'conf.d'>, '/omd/sites/cmk/.version_meta/skel/etc/stunnel/conf.d', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/stunnel/conf.d'"), ('/omd/versions/2.2.0p25.cre/skel/etc/stunnel/server.conf', '/omd/sites/cmk/.version_meta/skel/etc/stunnel/server.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/stunnel/server.conf'"), (<DirEntry 'stunnel'>, '/omd/sites/cmk/.version_meta/skel/etc/stunnel', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/stunnel'"), ('/omd/versions/2.2.0p25.cre/skel/etc/cron.d/cmk_cleanup_piggyback', '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_cleanup_piggyback', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_cleanup_piggyback'"), ('/omd/versions/2.2.0p25.cre/skel/etc/cron.d/cmk_multisite', '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_multisite', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_multisite'"), ('/omd/versions/2.2.0p25.cre/skel/etc/cron.d/cmk_discovery', '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_discovery', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_discovery'"), ('/omd/versions/2.2.0p25.cre/skel/etc/cron.d/cmk_dns_cache', '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_dns_cache', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_dns_cache'"), ('/omd/versions/2.2.0p25.cre/skel/etc/cron.d/php-sessions', '/omd/sites/cmk/.version_meta/skel/etc/cron.d/php-sessions', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d/php-sessions'"), ('/omd/versions/2.2.0p25.cre/skel/etc/cron.d/cmk_bulk_notify', '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_bulk_notify', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_bulk_notify'"), ('/omd/versions/2.2.0p25.cre/skel/etc/cron.d/logrotate', '/omd/sites/cmk/.version_meta/skel/etc/cron.d/logrotate', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d/logrotate'"), ('/omd/versions/2.2.0p25.cre/skel/etc/cron.d/cmk_update_license_usage', '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_update_license_usage', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_update_license_usage'"), ('/omd/versions/2.2.0p25.cre/skel/etc/cron.d/diskspace', '/omd/sites/cmk/.version_meta/skel/etc/cron.d/diskspace', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d/diskspace'"), ('/omd/versions/2.2.0p25.cre/skel/etc/cron.d/cmk_inventory', '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_inventory', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_inventory'"), ('/omd/versions/2.2.0p25.cre/skel/etc/cron.d/cmk_cleanup_pdf_tmp_files', '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_cleanup_pdf_tmp_files', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d/cmk_cleanup_pdf_tmp_files'"), (<DirEntry 'cron.d'>, '/omd/sites/cmk/.version_meta/skel/etc/cron.d', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/cron.d'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/magic', '/omd/sites/cmk/.version_meta/skel/etc/apache/magic', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/magic'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/conf.d/auth.conf', '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/auth.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/auth.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/conf.d/stats.conf', '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/stats.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/stats.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/conf.d/01_wsgi.conf', '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/01_wsgi.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/01_wsgi.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/conf.d/nagvis.conf', '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/nagvis.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/nagvis.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/conf.d/check_mk.conf', '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/check_mk.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/check_mk.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/conf.d/security.conf', '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/security.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/security.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/conf.d/var_www.conf', '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/var_www.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/var_www.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/conf.d/omd.conf', '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/omd.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/omd.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/conf.d/02_fcgid.conf', '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/02_fcgid.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/02_fcgid.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/conf.d/site.conf', '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/site.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d/site.conf'"), (<DirEntry 'conf.d'>, '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/conf.d'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/apache.conf', '/omd/sites/cmk/.version_meta/skel/etc/apache/apache.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/apache.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/apache/php-wrapper', '/omd/sites/cmk/.version_meta/skel/etc/apache/php-wrapper', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache/php-wrapper'"), (<DirEntry 'apache'>, '/omd/sites/cmk/.version_meta/skel/etc/apache', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/apache'"), (<DirEntry 'wato'>, '/omd/sites/cmk/.version_meta/skel/etc/check_mk/conf.d/wato', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/check_mk/conf.d/wato'"), (<DirEntry 'conf.d'>, '/omd/sites/cmk/.version_meta/skel/etc/check_mk/conf.d', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/check_mk/conf.d'"), ('/omd/versions/2.2.0p25.cre/skel/etc/check_mk/multisite.mk', '/omd/sites/cmk/.version_meta/skel/etc/check_mk/multisite.mk', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/check_mk/multisite.mk'"), (<DirEntry 'wato'>, '/omd/sites/cmk/.version_meta/skel/etc/check_mk/multisite.d/wato', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/check_mk/multisite.d/wato'"), (<DirEntry 'multisite.d'>, '/omd/sites/cmk/.version_meta/skel/etc/check_mk/multisite.d', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/check_mk/multisite.d'"), ('/omd/versions/2.2.0p25.cre/skel/etc/check_mk/apache.conf', '/omd/sites/cmk/.version_meta/skel/etc/check_mk/apache.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/check_mk/apache.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/check_mk/mkeventd.mk', '/omd/sites/cmk/.version_meta/skel/etc/check_mk/mkeventd.mk', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/check_mk/mkeventd.mk'"), ('/omd/versions/2.2.0p25.cre/skel/etc/check_mk/main.mk', '/omd/sites/cmk/.version_meta/skel/etc/check_mk/main.mk', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/check_mk/main.mk'"), (<DirEntry 'check_mk'>, '/omd/sites/cmk/.version_meta/skel/etc/check_mk', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/check_mk'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.conf', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/ssl/openssl.cnf.dist', '/omd/sites/cmk/.version_meta/skel/etc/ssl/openssl.cnf.dist', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/ssl/openssl.cnf.dist'"), ('/omd/versions/2.2.0p25.cre/skel/etc/ssl/misc/CA.pl', '/omd/sites/cmk/.version_meta/skel/etc/ssl/misc/CA.pl', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/ssl/misc/CA.pl'"), ('/omd/versions/2.2.0p25.cre/skel/etc/ssl/misc/tsget', '/omd/sites/cmk/.version_meta/skel/etc/ssl/misc/tsget', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/ssl/misc/tsget'"), ('/omd/versions/2.2.0p25.cre/skel/etc/ssl/misc/tsget.pl', '/omd/sites/cmk/.version_meta/skel/etc/ssl/misc/tsget.pl', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/ssl/misc/tsget.pl'"), (<DirEntry 'misc'>, '/omd/sites/cmk/.version_meta/skel/etc/ssl/misc', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/ssl/misc'"), ('/omd/versions/2.2.0p25.cre/skel/etc/ssl/ct_log_list.cnf', '/omd/sites/cmk/.version_meta/skel/etc/ssl/ct_log_list.cnf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/ssl/ct_log_list.cnf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/ssl/openssl.cnf', '/omd/sites/cmk/.version_meta/skel/etc/ssl/openssl.cnf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/ssl/openssl.cnf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/ssl/ct_log_list.cnf.dist', '/omd/sites/cmk/.version_meta/skel/etc/ssl/ct_log_list.cnf.dist', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/ssl/ct_log_list.cnf.dist'"), (<DirEntry 'ssl'>, '/omd/sites/cmk/.version_meta/skel/etc/ssl', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/ssl'"), ('/omd/versions/2.2.0p25.cre/skel/etc/init-hooks.d/sample-start-pre', '/omd/sites/cmk/.version_meta/skel/etc/init-hooks.d/sample-start-pre', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/init-hooks.d/sample-start-pre'"), ('/omd/versions/2.2.0p25.cre/skel/etc/init-hooks.d/README', '/omd/sites/cmk/.version_meta/skel/etc/init-hooks.d/README', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/init-hooks.d/README'"), (<DirEntry 'init-hooks.d'>, '/omd/sites/cmk/.version_meta/skel/etc/init-hooks.d', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/init-hooks.d'"), ('/omd/versions/2.2.0p25.cre/skel/etc/mail.rc', '/omd/sites/cmk/.version_meta/skel/etc/mail.rc', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/mail.rc'"), ('/omd/versions/2.2.0p25.cre/skel/etc/environment', '/omd/sites/cmk/.version_meta/skel/etc/environment', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/environment'"), ('/omd/versions/2.2.0p25.cre/skel/etc/mk-livestatus/[email protected]', '/omd/sites/cmk/.version_meta/skel/etc/mk-livestatus/[email protected]', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/mk-livestatus/[email protected]'"), ('/omd/versions/2.2.0p25.cre/skel/etc/mk-livestatus/xinetd.conf', '/omd/sites/cmk/.version_meta/skel/etc/mk-livestatus/xinetd.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/mk-livestatus/xinetd.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/mk-livestatus/livestatus.socket', '/omd/sites/cmk/.version_meta/skel/etc/mk-livestatus/livestatus.socket', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/mk-livestatus/livestatus.socket'"), ('/omd/versions/2.2.0p25.cre/skel/etc/mk-livestatus/nagios.cfg', '/omd/sites/cmk/.version_meta/skel/etc/mk-livestatus/nagios.cfg', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/mk-livestatus/nagios.cfg'"), (<DirEntry 'mk-livestatus'>, '/omd/sites/cmk/.version_meta/skel/etc/mk-livestatus', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/mk-livestatus'"), ('/omd/versions/2.2.0p25.cre/skel/etc/xinetd.conf', '/omd/sites/cmk/.version_meta/skel/etc/xinetd.conf', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/xinetd.conf'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/mk-alerts', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/mk-alerts', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/mk-alerts'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/agent-receiver', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/agent-receiver', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/agent-receiver'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/stunnel', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/stunnel', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/stunnel'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/apache', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/apache', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/apache'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/livestatus', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/livestatus', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/livestatus'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/agent-registration', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/agent-registration', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/agent-registration'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/web', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/web', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/web'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/ldap', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/ldap', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/ldap'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/mkeventd', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/mkeventd', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/mkeventd'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/diskspace', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/diskspace', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/diskspace'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/apache-stats', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/apache-stats', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/apache-stats'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/rrdcached', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/rrdcached', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/rrdcached'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/update', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/update', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/update'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/mk-notify', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/mk-notify', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/mk-notify'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/agent_bakery', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/agent_bakery', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/agent_bakery'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/redis', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/redis', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/redis'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/license-usage', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/license-usage', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/license-usage'"), ('/omd/versions/2.2.0p25.cre/skel/etc/logrotate.d/xinetd', '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/xinetd', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d/xinetd'"), (<DirEntry 'logrotate.d'>, '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/logrotate.d'"), (<DirEntry 'omd'>, '/omd/sites/cmk/.version_meta/skel/etc/omd', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/omd'"), ('/omd/versions/2.2.0p25.cre/skel/etc/htpasswd', '/omd/sites/cmk/.version_meta/skel/etc/htpasswd', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/htpasswd'"), ('/omd/versions/2.2.0p25.cre/skel/etc/rc.d/20-rrdcached', '/omd/sites/cmk/.version_meta/skel/etc/rc.d/20-rrdcached', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/rc.d/20-rrdcached'"), ('/omd/versions/2.2.0p25.cre/skel/etc/rc.d/85-apache', '/omd/sites/cmk/.version_meta/skel/etc/rc.d/85-apache', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/rc.d/85-apache'"), ('/omd/versions/2.2.0p25.cre/skel/etc/rc.d/50-npcd', '/omd/sites/cmk/.version_meta/skel/etc/rc.d/50-npcd', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/rc.d/50-npcd'"), ('/omd/versions/2.2.0p25.cre/skel/etc/rc.d/90-xinetd', '/omd/sites/cmk/.version_meta/skel/etc/rc.d/90-xinetd', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/rc.d/90-xinetd'"), ('/omd/versions/2.2.0p25.cre/skel/etc/rc.d/99-crontab', '/omd/sites/cmk/.version_meta/skel/etc/rc.d/99-crontab', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/rc.d/99-crontab'"), ('/omd/versions/2.2.0p25.cre/skel/etc/rc.d/10-agent-receiver', '/omd/sites/cmk/.version_meta/skel/etc/rc.d/10-agent-receiver', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/rc.d/10-agent-receiver'"), ('/omd/versions/2.2.0p25.cre/skel/etc/rc.d/52-pnp_gearman_worker', '/omd/sites/cmk/.version_meta/skel/etc/rc.d/52-pnp_gearman_worker', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/rc.d/52-pnp_gearman_worker'"), ('/omd/versions/2.2.0p25.cre/skel/etc/rc.d/85-redis', '/omd/sites/cmk/.version_meta/skel/etc/rc.d/85-redis', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/rc.d/85-redis'"), ('/omd/versions/2.2.0p25.cre/skel/etc/rc.d/85-stunnel', '/omd/sites/cmk/.version_meta/skel/etc/rc.d/85-stunnel', "[Errno 13] Permission denied: '/omd/sites/cmk/.version_meta/skel/etc/rc.d/85-stunnel'"), ('/omd/versions/2.2.0p25.cre/skel/etc/rc.d/10-mkeventd', '/omd/sites/cmk/.version_meta/skel/etc/rc.d/10-mkeventd', "[Errno 13] Permission denied: [...]

Describe the results you expected

The init process of checkmk should go through initializing the directory /omd/sites.

### CREATING SITE 'cmk'
Adding /opt/omd/sites/cmk/tmp to /etc/fstab.
Going to set TMPFS to off.
Preparing tmp directory /omd/sites/cmk/tmp...Updating core configuration...
Generating configuration for core (type nagios)...
Precompiling host checks...OK
[...]

podman info output

host:
  arch: amd64
  buildahVersion: 1.33.5
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-2.el9.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: d807bb8c1de3dc05fb66c77d2979a7f6903804bf'
  cpuUtilization:
    idlePercent: 98.52
    systemPercent: 0.38
    userPercent: 1.09
  cpus: 8
  databaseBackend: sqlite
  distribution:
    distribution: centos
    version: "9"
  eventLogger: journald
  freeLocks: 2043
  hostname: xxxxx
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1004
      size: 1
    - container_id: 1
      host_id: 1000000
      size: 1000000
    uidmap:
    - container_id: 0
      host_id: 1004
      size: 1
    - container_id: 1
      host_id: 1000000
      size: 1000000
  kernel: 5.14.0-435.el9.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 49418014720
  memTotal: 66932482048
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.9.0-1.el9.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.9.0
    package: netavark-1.10.3-1.el9.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.14.4-1.el9.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.4
      commit: a220ca661ce078f2c37b38c92e66cf66c012d9c1
      rundir: /run/user/1004/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: false
    path: /run/user/1004/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.3-1.el9.x86_64
    version: |-
      slirp4netns version 1.2.3
      commit: c22fde291bb35b354e6ca44d13be181c76a0a432
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 34325131264
  swapTotal: 34325131264
  uptime: 195h 56m 22.00s (Approximately 8.12 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /home/podman/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.13-1.el9.x86_64
      Version: |-
        fusermount3 version: 3.10.2
        fuse-overlayfs: version 1.13-dev
        FUSE library version 3.10.2
        using FUSE kernel interface version 7.31
  graphRoot: /home/podman/.local/share/containers/storage
  graphRootAllocated: 215892250624
  graphRootUsed: 6799978496
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 5
  runRoot: /tmp/containers-user-1004/containers
  transientStore: false
  volumePath: /home/podman/.local/share/containers/storage/volumes
version:
  APIVersion: 4.9.4-dev
  Built: 1710930166
  BuiltTime: Wed Mar 20 11:22:46 2024
  GitCommit: ""
  GoVersion: go1.21.7 (Red Hat 1.21.7-1.el9)
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.4-dev

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

No

Additional environment details

Additional environment details

Additional information

If doing some adjustments to the command it works, so the selinux problem is special for the volume. Examples are:

  • with tmpfs instead of volume:
    podman run --rm -it --tmpfs /omd/sites/ docker.io/checkmk/check-mk-raw:2.2.0-latest

  • without volume:
    podman run --rm -it docker.io/checkmk/check-mk-raw:2.2.0-latest

  • with disabled selinux:
    podman run --rm -it --security-opt label=disable -v checkmk_sites:/omd/sites/ docker.io/checkmk/check-mk-raw:2.2.0-latest

In addition i also tried to add a custom selinux module generated with audit2allow -a -M podman_checkmk_policy. After installing the module, the rootless container works without any issues. To be honest I don't have much experience in selinux, so I do not know if the rule update is fine or if it opens a security whole.

module podman_checkmk_policy 1.0;

require {
	type fusefs_t;
	type container_t;
	type kernel_t;
	type user_home_t;
	class system module_request;
	class file { execute read relabelto };
	class dir { relabelto setattr write };
	class lnk_file relabelto;
}

#============= container_t ==============
allow container_t fusefs_t:dir relabelto;
allow container_t fusefs_t:file relabelto;
allow container_t fusefs_t:lnk_file relabelto;

#!!!! This avc can be allowed using the boolean 'domain_kernel_load_modules'
allow container_t kernel_t:system module_request;
allow container_t user_home_t:dir { setattr write };
allow container_t user_home_t:file { execute read };
@elpepino89 elpepino89 added the kind/bug Categorizes issue or PR as related to a bug. label Apr 23, 2024
@rhatdan
Copy link
Member

rhatdan commented Apr 24, 2024

Looks to me like you have a labeling issue on your homedir, which is either caused by container-selinux blowing up on install or somehow labeling in the /home/podman directory is screwed up.

sudo dnf -y reinstall container-selinux
sudo restorecon -R -v /home/podman/

Does this change the labels.

Where is there a fusefs_t file system? Fuse-overlay?

@elpepino89
Copy link
Author

elpepino89 commented Apr 24, 2024
edited
Loading

You are right, perfect! I have done a podman system reset --force and executed your commands and now the container is working as expected. The system was just a few days old, so maybe really a problem during install. Next time I try setting up a new system first, just to be sure not wasting your time. Sorry for that.

Thank you for your quick reply (and for your blog posts as well).

Where is there a fusefs_t file system? Fuse-overlay?

The only fuse-overlay I am using is in the storage.conf (mount_program = "/usr/bin/fuse-overlayfs").

@stale-locking-app stale-locking-app bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Jul 24, 2024
@stale-locking-app stale-locking-app bot locked as resolved and limited conversation to collaborators Jul 24, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rhatdan @elpepino89