Jenkins switched to systemd "recently" check this page for how to change env variables and such https://www.jenkins.io/doc/book/system-administration/systemd-services/
On Mon, Dec 5, 2022 at 8:40 AM [email protected] <[email protected]> wrote: > Changing the JENKINS_HOME directory in that config file didn't work. I > got the same error some it's using that link somewhere else... > > Thanks, > Eric > > On Monday, December 5, 2022 at 8:09:31 AM UTC-7 [email protected] wrote: > >> Hi All, >> >> I'm running into an issue running Jenkins as a service in RHEL 8 with >> SELINUX running (I don't have a choice). It seems since /var/lib/jenkins >> is a symbolic link to /opt/jenkins, SELINUX doesn't want to allow running >> the service from there. Would it be acceptable to just change the value >> for JENKINS_HOME to /opt/jenkins in /etc/sysconfig/jenkins? Thanks! >> >> >> ]# journalctl -xe >> >> You can generate a >> local policy module to allow this access. >> >> Do >> >> allow this access for >> now by executing: >> >> # ausearch -c >> '(jenkins)' --raw | audit2allow -M my-jenkins >> >> # semodule -X 300 -i >> my-jenkins.pp >> >> >> >> Dec 02 10:45:03 nd655bd001 setroubleshoot[144816]: AnalyzeThread.run(): >> Set alarm timeout to 10 >> >> Dec 02 10:45:03 nd655bd001 setroubleshoot[144816]: AnalyzeThread.run(): >> Cancel pending alarm >> >> Dec 02 10:45:07 nd655bd001 setroubleshoot[144816]: SELinux is preventing >> /usr/lib/systemd/systemd from read access on the lnk_file /var/lib/jenkins. >> For com> >> >> Dec 02 10:45:07 nd655bd001 setroubleshoot[144816]: SELinux is preventing >> /usr/lib/systemd/systemd from read access on the lnk_file /var/lib/jenkins. >> >> >> >> ***** Plugin >> catchall_labels (83.8 confidence) suggests ******************* >> >> >> >> If you want to allow >> systemd to have read access on the jenkins lnk_file >> >> Then you need to >> change the label on /var/lib/jenkins >> >> Do >> >> # semanage fcontext -a >> -t FILE_TYPE '/var/lib/jenkins' >> >> where FILE_TYPE is one >> of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, >> NetworkManager_un> >> >> Then execute: >> >> restorecon -v >> '/var/lib/jenkins' >> >> >> >> >> >> ***** Plugin catchall >> (17.1 confidence) suggests ************************** >> >> >> >> If you believe that >> systemd should be allowed read access on the jenkins lnk_file by default. >> >> Then you should report >> this as a bug. >> >> You can generate a >> local policy module to allow this access. >> >> Do >> >> allow this access for >> now by executing: >> >> # ausearch -c >> '(jenkins)' --raw | audit2allow -M my-jenkins >> >> # semodule -X 300 -i >> my-jenkins.pp >> >> >> >> Dec 02 10:45:07 nd655bd001 setroubleshoot[144816]: AnalyzeThread.run(): >> Set alarm timeout to 10 >> >> Dec 02 10:45:18 nd655bd001 systemd[1]: setroubleshootd.service: Succeeded. >> >> -- Subject: Unit succeeded >> >> -- Defined-By: systemd >> >> -- Support: https://access.redhat.com/support >> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess.redhat.com%2Fsupport&data=05%7C01%7Ceric.fetzer%40dynamo.works%7Cf073214ec53d487bba8c08dad4b081f9%7C20011f20d2a44579a5cc40c8d987672b%7C0%7C0%7C638056151829928292%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=WMisNWM7KMmRGWY7k0n4euY6NIyCo74ECMq42lMC64Q%3D&reserved=0> >> >> -- >> >> -- The unit setroubleshootd.service has successfully entered the 'dead' >> state. >> >> lines 5338-5376/5376 (END) >> > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/0c57cbc8-8b60-4f6b-852a-bc892b97af38n%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/0c57cbc8-8b60-4f6b-852a-bc892b97af38n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Website: http://earl-of-code.com -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVci8pE95tCky820woRHPjhfkSZvC%2B7c7BXb-%2BUR7XQKTA%40mail.gmail.com.
