[Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode
Andy Ingham
andy.ingham at duke.edu
Thu Nov 13 18:59:56 UTC 2014
Scratch that last post. :)
I think I'm mistaken, and the setting WILL persist across reboots ...
Andy
From: Andy Ingham <andy.ingham at duke.edu<mailto:andy.ingham at duke.edu>>
Reply-To: "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
Date: Thursday, November 13, 2014 at 1:38 PM
To: "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode
This is a fine workaround EXCEPT be aware that it does NOT persist across reboots.
That is, you'll have to re-run the command after every reboot. (I'm hoping someone can indicate that I'm wrong on this, but I don't see a "persistent" option for that command).
Andy
From: ndegz <nndegz at gmail.com<mailto:nndegz at gmail.com>>
Reply-To: "nndegz+list at gmail.com<mailto:nndegz+list at gmail.com>" <nndegz+list at gmail.com<mailto:nndegz+list at gmail.com>>, "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
Date: Friday, November 7, 2014 at 3:18 PM
To: "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode
Ran into the same issue and found this blog post
Short tip: osad: Unable to connect to the host and port specified (EL6.6 + EL7)<http://blog.christian-stankowic.de/?p=6341&lang=en>
semanage permissive -a osad_t
On Thu, Nov 6, 2014 at 12:59 PM, Kevin Sandy <kevin at digitallotus.com<mailto:kevin at digitallotus.com>> wrote:
I've been seeing this as well. Clients are on CentOS 6.6 with Spacewalk 2.2. I've had to put SELinux in permissive mode for now.
-- kevin
On Nov 6, 2014, at 12:48 PM, Andy Ingham <andy.ingham at duke.edu<mailto:andy.ingham at duke.edu>> wrote:
Ever since updating from CentOS 6.5 > 6.6, my servers (which are all at
spacewalk client version 2.1) are showing:
+++++++++++++++++++++++++
SELinux is preventing /usr/bin/python from name_connect access on the
tcp_socket .
***** Plugin catchall (100. confidence) suggests
***************************
If you believe that python should be allowed name_connect access on the
tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep osad /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
+++++++++++++++++++++++++
And FWIW, attempting to mitigate by adding a local policy (as the above
notice instructs) ALSO FAILS:
[root at HOSTNAME local_policy]# semodule -i osad.pp
libsepol.print_missing_requirements: osad's global requirements were not
met: type/attribute osad_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
directory).
semodule: Failed!
Is this a known issue?
Andy
Andy Ingham
IT Infrastructure
Fuqua School of Business
Duke University
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20141113/f9aa86e4/attachment.htm>
More information about the Spacewalk-list
mailing list