[Spacewalk-list] selinux blocking

Jan-Frode Myklebust janfrode at tanso.net
Tue Feb 10 07:50:38 UTC 2009


I'm a bit puzzled by this one... I'm sure I've been running spacewalk
for a while with selinux enabled (on RHEL5u3), but suddenly it stopped
working. When I try to start httpd, I get:

type=AVC msg=audit(1234251828.657:352996): avc:  denied  { execstack }
for  pid=30881 comm="httpd" scontext=user_u:system_r:httpd_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=process
type=AVC msg=audit(1234252060.463:353046): avc:  denied  { execmem } for
pid=30967 comm="httpd" scontext=user_u:system_r:httpd_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=process


[Tue Feb 10 08:43:48 2009] [error] Can't load
'/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/auto/DBD/Oracle/Oracle.so'
for module DBD::Oracle: libocci.so.10.1: cannot enable executable stack
as shared object requires: Permission denied at
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/DynaLoader.pm line
230.\n at /usr/lib/perl5/site_perl/5.8.8/RHN/DB.pm line 539\nCompilation
failed in require at /usr/lib/perl5/site_perl/5.8.8/RHN/DB.pm line
539.\nBEGIN failed--compilation aborted at
/usr/lib/perl5/site_perl/5.8.8/RHN/DB.pm line 539.\nCompilation failed
in require at /etc/rhn/satellite-httpd/conf/startup.pl line 9.\nBEGIN
failed--compilation aborted at /etc/rhn/satellite-httpd/conf/startup.pl
line 9.\nCompilation failed in require at (eval 2) line 1.\n
[Tue Feb 10 08:43:48 2009] [error] Can't load Perl file:
/etc/rhn/satellite-httpd/conf/startup.pl for server
spacewalk.example.com:80, exiting...

But both /usr/lib/oracle/10.2.0.3/client64/lib/libocci.so.10.1 and
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/auto/DBD/Oracle/Oracle.so
are labeled textrel_shlib_t.

Also, simply disabling transition for httpd (httpd_disable_trans=on)
doesn't help. I have to put selinux into permissive mode to get past
this one. Any ideas what might cause it?


   -jf



