[Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode

Linder, Rolf Rolf.Linder at united-security-providers.ch
Fri Nov 21 15:39:17 UTC 2014 

Hi Stephen

We're using spacewalk 2.2 server with 2.2 clients. You asked, if it's a problem on spacewalk/client 2.2 also...

If we provision a centos 6.5 (spacewalk client 2.2) we are able to use jabber; if we provision 6.6 (or update 6.5 to 6.6) it won't work anymore (denied by selinux). You then have to enable a workaround as stated in bugzilla issue (kind of disable selinux enforced mode for osad_t for example).

It is not security relevant, but quite sad that you will not be able to use jabber with spacewalk 2.2/centos 6.6.

Cheers,
Rolf

-----Ursprüngliche Nachricht-----
Von: Stephen Herr [mailto:sherr at redhat.com] 
Gesendet: Freitag, 21. November 2014 15:17
An: stuart.green at doccentrics.com; spacewalk-list at redhat.com
Betreff: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode

No, you could make that argument about every single bug ever filed against Spacewalk. By "security related" I mean related to users being able to escalate their privileges on Spacewalk server or unauthenticated attackers gaining access to information they should not have.

I've asked this question in the bug too, but do you know if the 2.2 clients work correctly? If they do then this will likely never get fixed in old versions of Spacewalk.

-Stephen

On 11/21/2014 06:41 AM, Stuart Green wrote:
> OK, I guess this is indirectly security related if the fix is to 
> disable part of a security component?
>
>
> On 20/11/2014 19:40, Stephen Herr wrote:
>> On 11/14/2014 10:21 AM, Stuart Green wrote:
>>> Found a public bug report, not sure  much attention 'medium' 
>>> severity gets?
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1161288
>>>
>>
>> Generally Spacewalk bugs are not fixed until the next release, FYI 
>> (unless it's security related).
>>
>> -Stephen
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5375 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20141121/cb824288/attachment.bin>

More information about the Spacewalk-list mailing list