[Spacewalk-list] Spacewalk and SELinux: progress status

[Jan Pazdziora]

Hello,

I've committed a couple more changes to the SELinux policy modules
I've been working on, and they seem to give reasonable results now.
You are welcome to change Permissive to Enforcing and give Spacewalk
with SELinux a try.

Some quotes from 
	https://fedorahosted.org/spacewalk/wiki/Features/SELinuxNotes :

	Currently, with spacewalk-selinux-0.4.1-5.el5 and other
	current packages built from master, it is possible to

	    * install Spacewalk
	    * configure Spacewalk (spacewalk-setup)
	    * run Spacewalk:
		  o use its WebUI
		  o restart it via WebUI
		  o run rhnpush and satellite-sync
		  o register clients to the Spacewalk server
		  o use yum and rhn_check on the client, including
	            kickstarting them 

	With the oracle-xe-selinux-10.2-5.el5, it is possible to run
	Oracle XE with SELinux targeted in enforcing. However, it is
	necessary to run

		# /usr/sbin/groupadd -r dba
		# /usr/sbin/useradd -r -M -g dba -d /usr/lib/oracle/xe \
						-s /bin/bash oracle

	before installing the oracle-xe-univ package to create the
	oracle user as system user (with uid < 500).

	Both the oracle-xe configure and creating the database user
	via the web interface can be done under Enforcing.

You can report problems either to spacewalk-devel at redhat.com or to
bugzilla and you can report successes to spacewalk-devel at redhat.com
or to the SELinuxNotes wiki page, especially if you find out that
with Enforcing, some other functionality not mentioned in the list
above just works fine as well, without any AVC denials in 
/var/log/audit/audit.log.

Yours,

-- 
Jan Pazdziora
Satellite Engineering, Red Hat