Hello, I installed a local GitLab server 15.0.2 on my Red Hat 7.9 server. However, Red Hat 7.9 gave the following error in a warning message. What exactly does this message mean? For now, GitLab is working fine, but I am worried about what kind of problems this message may cause me in the future, and I want to fix this error. I need step-by-step support on this issue. I would be very happy if you could help me.
SELinux is preventing systemd-readahe from 'read, open' accesses on the file /var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that systemd-readahe should be allowed read open access on the gitlab_shell_secret file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
ausearch -c 'systemd-readahe' --raw | audit2allow -M my-systemdreadahe
semodule -i my-systemdreadahe.pp
Additional Information:
Source Context system_u:system_r:readahead_t:s0
Target Context unconfined_u:object_r:gitlab_shell_t:s0
Target Objects /var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret [ file ]
Source systemd-readahe
Source Path systemd-readahe
Port
Host tutelgitlab
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name tutelgitlab
Platform Linux tutelgitlab 3.10.0-1160.81.1.el7.x86_64 #1
SMP Thu Nov 24 12:21:22 UTC 2022 x86_64 x86_64
Alert Count 4
First Seen 2023-01-10 08:32:28 +03
Last Seen 2023-01-10 11:07:37 +03
Local ID 28b151d4-32d6-413d-a6f8-50abcddcb993
Raw Audit Messages
type=AVC msg=audit(1673338057.508:188): avc: denied { read open } for pid=815 comm="systemd-readahe" path="/var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret" dev="dm-0" ino=539272039 scontext=system_u:system_r:readahead_t:s0 tcontext=unconfined_u:object_r:gitlab_shell_t:s0 tclass=file permissive=0
Hash: systemd-readahe,readahead_t,gitlab_shell_t,file,read,open
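
To read the raw audit message field by field, the sketch below parses the AVC record quoted in the alert and rebuilds the comma-separated key shown on its Hash line. It is an added example, not part of the original post and not setroubleshoot's own code; the names parse_avc and alert_key are hypothetical, and SAMPLE is the record from the alert with its quotes normalised to ASCII.

```python
import re
from datetime import datetime, timezone

# The raw AVC record from the alert above (quotes normalised to ASCII).
SAMPLE = ('type=AVC msg=audit(1673338057.508:188): avc: denied { read open } '
          'for pid=815 comm="systemd-readahe" '
          'path="/var/opt/gitlab/gitlab-rails/etc/gitlab_shell_secret" '
          'dev="dm-0" ino=539272039 scontext=system_u:system_r:readahead_t:s0 '
          'tcontext=unconfined_u:object_r:gitlab_shell_t:s0 tclass=file permissive=0')

AVC_RE = re.compile(r'msg=audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\): avc:\s+'
                    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+'
                    r'(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Split one AVC record into its fields (hypothetical helper)."""
    # Pasted alerts often carry typographic quotes; map them back first.
    line = line.translate(str.maketrans('“”‘’', '""\'\''))
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError('not an AVC record')
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    rec['time_utc'] = datetime.fromtimestamp(int(m.group('epoch')), tz=timezone.utc)
    # A context is user:role:type:level; targeted policy decides on the type.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    # permissive=0 means the access was actually blocked, not just logged.
    rec['enforced'] = rec.get('permissive') == '0'
    return rec


def alert_key(rec):
    """Join fields in the same order as the alert's Hash line."""
    return ','.join([rec['comm'], rec['source_type'], rec['target_type'],
                     rec['tclass'], *rec['perms']])


if __name__ == '__main__':
    r = parse_avc(SAMPLE)
    print(f"{r['time_utc']:%Y-%m-%d %H:%M:%S} UTC  {r['result']}  enforced={r['enforced']}")
    print(f"  process {r['comm']} (pid {r['pid']}) in domain {r['source_type']}")
    print(f"  wanted {{{' '.join(r['perms'])}}} on {r['tclass']} {r['path']}")
    print(f"  which is labelled {r['target_type']}")
    print(f"  key: {alert_key(r)}")
```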