[Spacewalk-list] Uninstalling spacewalk
Jan Pazdziora
jpazdziora at redhat.com
Mon Feb 2 17:21:43 UTC 2009
I'm only going to respond to SELinux parts of your post because I feel
I have some knowledge in that.
On Mon, Feb 02, 2009 at 11:06:31AM -0500, m.roth2006 at rcn.com wrote:
> Here's all that I did. I gave up after spending a couple hours trying to debug the perl code....
> *********************
> This a) gets rid of wrapper not starting, and failing.
> b) fixes selinux to let it all run.
[...]
> #########################################################
> Changes made to configurations:
> Shut down selinux
> http and oracle need policies added:
>
> #============= httpd_t ==============
> allow httpd_t auditd_log_t:dir search;
> allow httpd_t file_t:dir search;
> allow httpd_t user_home_t:dir search;
> #============= oracle_sqlplus_t ============== allow oracle_sqlplus_t file_t:dir search;
Can you please send the output of
grep AVC /var/log/audit/audit.log
? Because these don't seem correct. Apache should not be looking at
audit log, there shouldn't be any generic file_t directories around,
etc.
I've tested Spacewalk 0.4 pretty extensively and it should not produce
any AVC denials if you do not use Spacewalk Proxy or monitoring.
Please, also see
https://fedorahosted.org/spacewalk/wiki/Features/SELinux
which lists what the intended setup looks like -- it might help you
to debug your server.
--
Jan Pazdziora | adelton at #satellite*, #brno
Satellite Engineering, Red Hat
More information about the Spacewalk-list
mailing list