View Issue Details

ID: 0010990
Project: CentOS-7
Category: Cloud-Images
View Status: public
Last Update: 2017-05-26 00:52
Status: new
Resolution: open
Platform: X86_64
OS: CentOS
OS Version: 7.2
Product Version: 7.2.1511
Target Version:
Fixed in Version:
Summary: 0010990: cloud-init chef module fails restoring SELinux labels
Description: Cloud-init is failing to bootstrap chef when SELinux is enabled. It occurs when it attempts to relabel /var/lib/nfs/rpc_pipefs as part of creating /var/lib/chef and relabeling /var/lib. Libselinux-python is encountering:

/var/lib/nfs/rpc_pipefs(/.*)? <<none>>

which causes matchpathcon to return
  OSError: [Errno 2] No such file or directory
and causes cloud-init to abort the chef module.

The error is occurring before Chef is invoked. It fails during the directory-preparation step due to a directory that is specified in the selinux configuration as not having a default context. This bubbles up as a not-found error that is not handled by
Steps To Reproduce:
1. Provision a CentOS AMI that has SELinux in enforcing mode.
2. Launch the node with a userdata that invokes the chef handler. A working chef server is not required for the test.
3. While creating /var/lib/chef, /var/lib is recursively re-labeled for SELinux.
4. The process fails when it encounters /var/lib/nfs/rpc_pipefs and aborts chef installation.
Additional Information:
[CLOUDINIT][DEBUG]: Running chef (<module 'cloudinit.config.cc_chef' from '/usr/lib/python2.7/site-packages/cloudinit/config/'>) failed
  Traceback (most recent call last):
    File "/usr/lib/python2.7/site-packages/cloudinit/", line 658, in _run_modules, mod.handle, func_args, freq=freq)
    File "/usr/lib/python2.7/site-packages/cloudinit/", line 63, in run
      return, functor, args, freq, clear_on_fail)
    File "/usr/lib/python2.7/site-packages/cloudinit/", line 197, in run
      results = functor(*args)
    File "/usr/lib/python2.7/site-packages/cloudinit/config/", line 54, in handle
    File "/usr/lib/python2.7/site-packages/cloudinit/", line 1291, in ensure_dir
    File "/usr/lib/python2.7/site-packages/cloudinit/", line 167, in __exit__
      self.selinux.restorecon(path, recursive=self.recursive)
    File "/usr/lib64/python2.7/site-packages/selinux/", line 95, in restorecon
      for fname in fnames]), None)
    File "/usr/lib64/python2.7/", line 246, in walk
      walk(name, func, arg)
    File "/usr/lib64/python2.7/", line 238, in walk
      func(arg, top, names)
    File "/usr/lib64/python2.7/site-packages/selinux/", line 95, in <lambda>
      for fname in fnames]), None)
    File "/usr/lib64/python2.7/site-packages/selinux/", line 85, in restorecon
      status, context = matchpathcon(path, mode)
  OSError: [Errno 2] No such file or directory

Relevant line in /etc/selinux/targeted/contexts/files/file_contexts:
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
Tags: No tags attached.




2017-05-26 00:52

reporter   ~0029340

I worked around this bug by adding this to my cloud-config; not elegant but it works:

         # solves bug:
         - mkdir -p /etc/chef
         - mkdir -p /var/log/chef
         - mkdir -p /var/lib/chef
         - mkdir -p /var/cache/chef
         - mkdir -p /var/backups/chef
         - mkdir -p /var/run/chef

Issue History

Date Modified Username Field Change
2016-06-09 14:01 jhmartin New Issue
2017-05-26 00:52 swackhamer Note Added: 0029340