[Spacewalk-list] Spacewalk and SELinux: progress status
Jan Pazdziora
jpazdziora at redhat.com
Wed Dec 10 22:25:42 UTC 2008
Hello,
I've committed a couple more changes to the SELinux policy modules
I've been working on, and they seem to give reasonable results now.
You are welcome to change Permissive to Enforcing and give Spacewalk
with SELinux a try.
Some quotes from
https://fedorahosted.org/spacewalk/wiki/Features/SELinuxNotes :
Currently, with spacewalk-selinux-0.4.1-5.el5 and other
current packages built from master, it is possible to
* install Spacewalk
* configure Spacewalk (spacewalk-setup)
* run Spacewalk:
o use its WebUI
o restart it via WebUI
o run rhnpush and satellite-sync
o register clients to the Spacewalk server
o use yum and rhn_check on the client, including
kickstarting them
With the oracle-xe-selinux-10.2-5.el5, it is possible to run
Oracle XE with SELinux targeted in enforcing. However, it is
necessary to run
# /usr/sbin/groupadd -r dba
# /usr/sbin/useradd -r -M -g dba -d /usr/lib/oracle/xe \
-s /bin/bash oracle
before installing the oracle-xe-univ package to create the
oracle user as system user (with uid < 500).
Both the oracle-xe configure and creating the database user
via the web interface can be done under Enforcing.
You can report problems either to spacewalk-devel at redhat.com or to
bugzilla and you can report successes to spacewalk-devel at redhat.com
or to the SELinuxNotes wiki page, especially if you find out that
with Enforcing, some other functionality not mentioned in the list
above just works fine as well, without any AVC denials in
/var/log/audit/audit.log.
Yours,
--
Jan Pazdziora
Satellite Engineering, Red Hat
More information about the Spacewalk-list
mailing list