[Spacewalk-list] SELinux causing problems with OL 7.4

Wilkinson, Matthew MatthewWilkinson at alliantenergy.com
Fri Sep 1 19:45:35 UTC 2017


I recently upgraded a box with a Spacewalk 2.6 instance from Oracle Linux 7.3 to Oracle Linux 7.4 and SELinux started complaining about a lot of stuff regarding java/tomcat. It broke my ability to auth using Kerberos/PAM to the web interface. If I change to permissive mode via "setenforce 0" I can log in like normal, no problems. Even after running the sealert commands to set local policies to in theory fix the problems, SELinux in enforcing mode breaks my normal auth.

I'm seeing this stuff in the syslog, but even after applying the custom policies, with SELinux enforcing I still can't log in. Anyone else noticing this?

setroubleshoot: SELinux is preventing java from getattr access on the directory /var/log/rhn.
setroubleshoot: SELinux is preventing /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.141-2.b16.el7_4.x86_64/jre/bin/java from nlmsg_relay access on the netlink_audit_socket Unknown.

In the audit.log I'm seeing stuff like:

**** Invalid AVC allowed in current policy ***

avc:  denied  { nlmsg_relay } for  pid=##### comm="java" scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:system_r:tomcat_t:s0 tclass=netlink_audit_socket

Thanks,


Matthew Wilkinson | Lead Server Administrator, Unix
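
Added example, not part of the original post: a small Python parser that groups AVC denial records like the ones quoted above by source type, target type and class, and prints the type-enforcement rule each group corresponds to, so the denials can be reviewed side by side (a simplified view of what audit2allow derives). The sample records are constructed; the pids, timestamps and the var_log_t label on /var/log/rhn are assumptions, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format. The second mirrors the
# denial quoted in the post; pids, timestamps and the var_log_t label are
# made up for illustration.
SAMPLE_LOG = """\
type=AVC msg=audit(1504295135.101:811): avc:  denied  { getattr } for  pid=4242 comm="java" path="/var/log/rhn" dev="dm-0" ino=1337 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=AVC msg=audit(1504295135.207:812): avc:  denied  { nlmsg_relay } for  pid=4242 comm="java" scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:system_r:tomcat_t:s0 tclass=netlink_audit_socket
type=AVC msg=audit(1504295136.010:813): avc:  denied  { search } for  pid=4242 comm="java" name="rhn" dev="dm-0" ino=1337 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=USER_AUTH msg=audit(1504295136.500:814): pid=4242 uid=91 msg='op=PAM:authentication acct="demo" res=failed'
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    # A context is user:role:type:level; the type is the third field.
    return context.split(":")[2]

def summarize_denials(log_text):
    """Map (source type, target type or 'self', class) -> set of denied perms."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # non-AVC records (e.g. USER_AUTH) are skipped
        src = selinux_type(m["scontext"])
        tgt = selinux_type(m["tcontext"])
        key = (src, "self" if tgt == src else tgt, m["tclass"])
        grouped[key].update(m["perms"].split())
    return dict(grouped)

def candidate_rules(grouped):
    """Render each group as the allow rule it would need, for review only."""
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(summarize_denials(SAMPLE_LOG)):
        print(rule)
```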