[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode



Many thanks for highlighting the work around, bit of a nightmare bug
this when the client boxes are not remote executable!

I assume if satellite support are working on it, theres a internal
redhat internal view only bug?

On 13/11/2014 18:59, Andy Ingham wrote:
> Scratch that last post.  :)
> 
> I think I'm mistaken, and the setting WILL persist across reboots ...
> 
> Andy
> 
> From: Andy Ingham <andy ingham duke edu<mailto:andy ingham duke edu>>
> Reply-To: "spacewalk-list redhat com<mailto:spacewalk-list redhat com>" <spacewalk-list redhat com<mailto:spacewalk-list redhat com>>
> Date: Thursday, November 13, 2014 at 1:38 PM
> To: "spacewalk-list redhat com<mailto:spacewalk-list redhat com>" <spacewalk-list redhat com<mailto:spacewalk-list redhat com>>
> Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode
> 
> This is a fine workaround EXCEPT be aware that it does NOT persist across reboots.
> 
> That is, you'll have to re-run the command after every reboot.  (I'm hoping someone can indicate that I'm wrong on this, but I don't see a "persistent" option for that command).
> 
> Andy
> 
> From: ndegz <nndegz gmail com<mailto:nndegz gmail com>>
> Reply-To: "nndegz+list gmail com<mailto:nndegz+list gmail com>" <nndegz+list gmail com<mailto:nndegz+list gmail com>>, "spacewalk-list redhat com<mailto:spacewalk-list redhat com>" <spacewalk-list redhat com<mailto:spacewalk-list redhat com>>
> Date: Friday, November 7, 2014 at 3:18 PM
> To: "spacewalk-list redhat com<mailto:spacewalk-list redhat com>" <spacewalk-list redhat com<mailto:spacewalk-list redhat com>>
> Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode
> 
> Ran into the same issue and found this blog post
> Short tip: osad: Unable to connect to the host and port specified (EL6.6 + EL7)<http://blog.christian-stankowic.de/?p=6341&lang=en>
> 
> semanage permissive -a osad_t
> 
> 
> 
> 
> On Thu, Nov 6, 2014 at 12:59 PM, Kevin Sandy <kevin digitallotus com<mailto:kevin digitallotus com>> wrote:
> I've been seeing this as well.  Clients are on CentOS 6.6 with Spacewalk 2.2.  I've had to put SELinux in permissive mode for now.
> 
> 
> -- kevin
> 
> 
> 
> On Nov 6, 2014, at 12:48 PM, Andy Ingham <andy ingham duke edu<mailto:andy ingham duke edu>> wrote:
> 
> Ever since updating from CentOS 6.5 > 6.6, my servers (which are all at
> spacewalk client version 2.1) are showing:
> 
> 
> +++++++++++++++++++++++++
> SELinux is preventing /usr/bin/python from name_connect access on the
> tcp_socket .
> 
> *****  Plugin catchall (100. confidence) suggests
> ***************************
> 
> If you believe that python should be allowed name_connect access on the
> tcp_socket by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep osad /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> +++++++++++++++++++++++++
> 
> 
> 
> 
> 
> And FWIW, attempting to mitigate by adding a local policy (as the above
> notice instructs) ALSO FAILS:
> 
> [root HOSTNAME local_policy]# semodule -i osad.pp
> libsepol.print_missing_requirements: osad's global requirements were not
> met: type/attribute osad_t (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory).
> semodule:  Failed!
> 
> 
> 
> 
> 
> Is this a known issue?
> 
> 
> Andy
> 
> Andy Ingham
> IT Infrastructure
> Fuqua School of Business
> Duke University
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list redhat com<mailto:Spacewalk-list redhat com>
> https://www.redhat.com/mailman/listinfo/spacewalk-list
> 
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list redhat com<mailto:Spacewalk-list redhat com>
> https://www.redhat.com/mailman/listinfo/spacewalk-list
> 
> 
> 
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list redhat com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
> 

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]