[Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode
Kevin Sandy
kevin at digitallotus.com
Thu Nov 6 17:59:44 UTC 2014
I’ve been seeing this as well. Clients are on CentOS 6.6 with Spacewalk 2.2. I’ve had to put SELinux in permissive mode for now.
-- kevin
On Nov 6, 2014, at 12:48 PM, Andy Ingham <andy.ingham at duke.edu> wrote:
> Ever since updating from CentOS 6.5 > 6.6, my servers (which are all at
> spacewalk client version 2.1) are showing:
>
>
> +++++++++++++++++++++++++
> SELinux is preventing /usr/bin/python from name_connect access on the
> tcp_socket .
>
> ***** Plugin catchall (100. confidence) suggests
> ***************************
>
> If you believe that python should be allowed name_connect access on the
> tcp_socket by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep osad /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> +++++++++++++++++++++++++
>
>
>
>
>
> And FWIW, attempting to mitigate by adding a local policy (as the above
> notice instructs) ALSO FAILS:
>
> [root at HOSTNAME local_policy]# semodule -i osad.pp
> libsepol.print_missing_requirements: osad's global requirements were not
> met: type/attribute osad_t (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory).
> semodule: Failed!
>
>
>
>
>
> Is this a known issue?
>
>
> Andy
>
> Andy Ingham
> IT Infrastructure
> Fuqua School of Business
> Duke University
>
>
>
>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20141106/814342a5/attachment.htm>
More information about the Spacewalk-list
mailing list