[Spacewalk-list] Proxy 1.1 selinux issue
Brian_Kosick at McAfee.com
Brian_Kosick at McAfee.com
Tue Nov 2 22:23:59 UTC 2010
Hi All,
I just updated our proxy from 1.0 to 1.1 on a RHEL5.5-i386 box. I keep getting the following error on the client.
rhnreg_ks --serverUrl=https://sp.server.com/XMLRPC --activationkey=XXXXXXXXXXXXX --force
An error has occurred:
Error Message:
RHN Proxy error (auth caching issue). Please contact your system administrator.
Error Class Code: 1000
Error Class Info: RHN Proxy error.
Explanation:
An error has occurred while processing your request. If this problem
persists please enter a bug report at bugzilla.redhat.com.
If you choose to submit the bug report, please be sure to include
details of what you were trying to do when this error occurred and
details on how to reproduce this problem.
See /var/log/up2date for more information
I tracked it down and found matching entries in the audit log on the proxy server
spacewalk-backend-1.1.51-1.el5
spacewalk-backend-libs-1.1.51-1.el5
spacewalk-certs-tools-1.1.1-1.el5
spacewalk-proxy-broker-1.1.4-1.el5
spacewalk-proxy-common-1.1.4-1.el5
spacewalk-proxy-docs-1.1.1-1.el5
spacewalk-proxy-html-1.1.1-1.el5
spacewalk-proxy-installer-1.1.2-1.el5
spacewalk-proxy-management-1.1.4-1.el5
spacewalk-proxy-package-manager-1.1.4-1.el5
spacewalk-proxy-redirect-1.1.4-1.el5
spacewalk-proxy-selinux-1.1.1-1.el5
spacewalk-repo-1.1-3.el5
spacewalk-setup-jabberd-1.1.1-1.el5
spacewalk-ssl-cert-check-2.0-1.el5
type=AVC msg=audit(1288733927.462:170): avc: denied { write } for pid=4396 comm="httpd" name="rhn" dev=sda5 ino=1409027 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1288733927.462:170): arch=40000003 syscall=39 success=no exit=-13 a0=8d46a40 a1=1ed a2=10db8e4 a3=8dc87ac items=0 ppid=3957 pid=4396 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
I tried the selinux troubleshooting tips, and followed the inode to /var/cache/rhn and ran
restorecon -rvv /var/cache/rhn
restorecon reset /var/cache/rhn/proxy-auth context root:object_r:var_t:s0->system_u:object_r:spacewalk_proxy_cache_t:s0
restorecon reset /var/cache/rhn/proxy-auth/1000010278 context root:object_r:var_t:s0->system_u:object_r:spacewalk_proxy_cache_t:s0
restorecon reset /var/cache/rhn/proxy-auth/p1000010078 context root:object_r:var_t:s0->system_u:object_r:spacewalk_proxy_cache_t:s0
The only thing that helped was setting selinux to permissive.
Thanks,
Brian
More information about the Spacewalk-list
mailing list