[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode

I’ve been seeing this as well.  Clients are on CentOS 6.6 with Spacewalk 2.2.  I’ve had to put SELinux in permissive mode for now.

-- kevin

On Nov 6, 2014, at 12:48 PM, Andy Ingham <andy ingham duke edu> wrote:

Ever since updating from CentOS 6.5 > 6.6, my servers (which are all at
spacewalk client version 2.1) are showing:

SELinux is preventing /usr/bin/python from name_connect access on the
tcp_socket .

*****  Plugin catchall (100. confidence) suggests

If you believe that python should be allowed name_connect access on the
tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# grep osad /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

And FWIW, attempting to mitigate by adding a local policy (as the above
notice instructs) ALSO FAILS:

[root HOSTNAME local_policy]# semodule -i osad.pp
libsepol.print_missing_requirements: osad's global requirements were not
met: type/attribute osad_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
semodule:  Failed!

Is this a known issue?


Andy Ingham
IT Infrastructure
Fuqua School of Business
Duke University

Spacewalk-list mailing list
Spacewalk-list redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]