[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode



I’ve been seeing this as well.  Clients are on CentOS 6.6 with Spacewalk 2.2.  I’ve had to put SELinux in permissive mode for now.


-- kevin



On Nov 6, 2014, at 12:48 PM, Andy Ingham <andy ingham duke edu> wrote:

Ever since updating from CentOS 6.5 > 6.6, my servers (which are all at
spacewalk client version 2.1) are showing:


+++++++++++++++++++++++++
SELinux is preventing /usr/bin/python from name_connect access on the
tcp_socket .

*****  Plugin catchall (100. confidence) suggests
***************************

If you believe that python should be allowed name_connect access on the
tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep osad /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
+++++++++++++++++++++++++





And FWIW, attempting to mitigate by adding a local policy (as the above
notice instructs) ALSO FAILS:

[root HOSTNAME local_policy]# semodule -i osad.pp
libsepol.print_missing_requirements: osad's global requirements were not
met: type/attribute osad_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
directory).
semodule:  Failed!





Is this a known issue?


Andy

Andy Ingham
IT Infrastructure
Fuqua School of Business
Duke University






_______________________________________________
Spacewalk-list mailing list
Spacewalk-list redhat com
https://www.redhat.com/mailman/listinfo/spacewalk-list


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]