[Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode
Stuart Green
stuart.green at doccentrics.com
Fri Nov 14 15:15:49 UTC 2014
Many thanks for highlighting the work around, bit of a nightmare bug
this when the client boxes are not remote executable!
I assume if satellite support are working on it, theres a internal
redhat internal view only bug?
On 13/11/2014 18:59, Andy Ingham wrote:
> Scratch that last post. :)
>
> I think I'm mistaken, and the setting WILL persist across reboots ...
>
> Andy
>
> From: Andy Ingham <andy.ingham at duke.edu<mailto:andy.ingham at duke.edu>>
> Reply-To: "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
> Date: Thursday, November 13, 2014 at 1:38 PM
> To: "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
> Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode
>
> This is a fine workaround EXCEPT be aware that it does NOT persist across reboots.
>
> That is, you'll have to re-run the command after every reboot. (I'm hoping someone can indicate that I'm wrong on this, but I don't see a "persistent" option for that command).
>
> Andy
>
> From: ndegz <nndegz at gmail.com<mailto:nndegz at gmail.com>>
> Reply-To: "nndegz+list at gmail.com<mailto:nndegz+list at gmail.com>" <nndegz+list at gmail.com<mailto:nndegz+list at gmail.com>>, "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
> Date: Friday, November 7, 2014 at 3:18 PM
> To: "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
> Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode
>
> Ran into the same issue and found this blog post
> Short tip: osad: Unable to connect to the host and port specified (EL6.6 + EL7)<http://blog.christian-stankowic.de/?p=6341&lang=en>
>
> semanage permissive -a osad_t
>
>
>
>
> On Thu, Nov 6, 2014 at 12:59 PM, Kevin Sandy <kevin at digitallotus.com<mailto:kevin at digitallotus.com>> wrote:
> I've been seeing this as well. Clients are on CentOS 6.6 with Spacewalk 2.2. I've had to put SELinux in permissive mode for now.
>
>
> -- kevin
>
>
>
> On Nov 6, 2014, at 12:48 PM, Andy Ingham <andy.ingham at duke.edu<mailto:andy.ingham at duke.edu>> wrote:
>
> Ever since updating from CentOS 6.5 > 6.6, my servers (which are all at
> spacewalk client version 2.1) are showing:
>
>
> +++++++++++++++++++++++++
> SELinux is preventing /usr/bin/python from name_connect access on the
> tcp_socket .
>
> ***** Plugin catchall (100. confidence) suggests
> ***************************
>
> If you believe that python should be allowed name_connect access on the
> tcp_socket by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep osad /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> +++++++++++++++++++++++++
>
>
>
>
>
> And FWIW, attempting to mitigate by adding a local policy (as the above
> notice instructs) ALSO FAILS:
>
> [root at HOSTNAME local_policy]# semodule -i osad.pp
> libsepol.print_missing_requirements: osad's global requirements were not
> met: type/attribute osad_t (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory).
> semodule: Failed!
>
>
>
>
>
> Is this a known issue?
>
>
> Andy
>
> Andy Ingham
> IT Infrastructure
> Fuqua School of Business
> Duke University
>
>
>
>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20141114/67eecdb0/attachment.sig>
More information about the Spacewalk-list
mailing list