[Spacewalk-list] 2.7 Schedule issue
Bruce Wainer
bruce at brucewainer.com
Fri Oct 20 05:47:37 UTC 2017
I fixed the issue I was having via reviewing the SELinux log and using
audit2allow to make a new SELinux policy (Section 7 of
https://wiki.centos.org/HowTos/SELinux ). It appears that the 2.6 -> 2.7
upgrade process didn't get everything set properly.
(This Tomcat install is also running Unimus, which was also facing some
SELinux issues, so I don't know for sure which of these rules were due to
Spacewalk and which are due to Unimus. It probably wasn't recommended to
drop the Unimus WAR into the Spacewalk Tomcat install, but so far I've had
no issues other than the Spacewalk Tomcat config only listens on localhost
for port 8080)
~]# grep comm=\"java\" /var/log/audit/audit.log | grep type=AVC |
audit2allow -m tomcat2 > tomcat2.te
~]# cat tomcat2.te
module tomcat2 1.0;
require {
type var_log_t;
type tomcat_t;
type spacewalk_data_t;
type smtp_port_t;
type var_run_t;
type etc_t;
type spacewalk_log_t;
class tcp_socket name_connect;
class dir { add_name getattr remove_name search write };
class file { append create open read rename unlink write };
}
#============= tomcat_t ==============
allow tomcat_t etc_t:dir { add_name remove_name write };
allow tomcat_t etc_t:file rename;
allow tomcat_t etc_t:file { append create unlink write };
allow tomcat_t smtp_port_t:tcp_socket name_connect;
allow tomcat_t spacewalk_data_t:dir search;
allow tomcat_t spacewalk_log_t:dir { getattr search };
allow tomcat_t spacewalk_log_t:file { open read };
allow tomcat_t var_log_t:file open;
allow tomcat_t var_run_t:file read;
~]# grep comm=\"java\" /var/log/audit/audit.log | grep type=AVC |
audit2allow -M tomcat2
~]# semodule -i tomcat2.pp
~]#systemctl restart tomcat
Hopefully this helps some people out, and the devs can look at these and
see what needs to be added to the upgrade process.
Bruce Wainer
On Thu, Oct 19, 2017 at 10:34 AM, Bruce Wainer <bruce at brucewainer.com>
wrote:
> I’m experiencing the same after upgrading, except for me it is on the
> “Repositories > Sync” page for every software channel. Where/how do I get
> the traceback? And if it is an ACL issue, how do I go about fixing it? This
> system is stock CentOS and I have only ever followed the instructions for
> installing SpaceWalk on it.
>
> Bruce
>
> On Oct 17, 2017, at 4:36 PM, Wood, Brendan <Brendan.Wood at Mercy.Net> wrote:
>
> (Just upgraded to 2.7 from 2.6)
>
> Via the web interface, looking at the Schedule tab, I can open the
> Pending/Failed/Completed/etc Actions pages, but if I try to click on any of
> the actions that are pending/failed/completed I get an “Internal server
> error” and the traceback sent to me read:
>
> Attribute Names = rhnActiveLang, org.apache.struts.action.MESSAGE,
> org.apache.struts.action.mapping.instance, requestedUri, session,
> javax.servlet.request.key_size, org.apache.struts.action.MODULE,
> org.apache.struts.globals.ORIGINAL_URI_KEY, actionname,
> javax.servlet.request.cipher_suite, javax.servlet.jsp.jstl.fmt.timeZone.request,
> action, pageList, user,
>
>
> User Information:
> User admin (id 1, org_id 1)
>
> Exception:
> javax.servlet.ServletException: javax.servlet.jsp.JspException: Error
> writing to JSP file:
> at org.apache.jasper.runtime.PageContextImpl.doHandlePageException(
> PageContextImpl.java:858)
> at org.apache.jasper.runtime.PageContextImpl.handlePageException(
> PageContextImpl.java:791)
> at org.apache.jsp.WEB_002dINF.pages.schedule.completedsystems_jsp._jspService(Unknown
> Source)
> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:290)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:206)
> at org.apache.catalina.core.ApplicationDispatcher.invoke(
> ApplicationDispatcher.java:646)
> at org.apache.catalina.core.ApplicationDispatcher.processRequest(
> ApplicationDispatcher.java:436)
> at org.apache.catalina.core.ApplicationDispatcher.doForward(
> ApplicationDispatcher.java:374)
> at org.apache.catalina.core.ApplicationDispatcher.forward(
> ApplicationDispatcher.java:302)
> at org.apache.struts.action.RequestProcessor.doForward(
> RequestProcessor.java:1083)
> at org.apache.struts.action.RequestProcessor.processForwardConfig(
> RequestProcessor.java:396)
> at org.apache.struts.action.RequestProcessor.process(
> RequestProcessor.java:232)
> at com.redhat.rhn.frontend.struts.RhnRequestProcessor.
> process(RhnRequestProcessor.java:105)
> at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1926)
> at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:451)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:290)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:206)
> at com.redhat.rhn.frontend.servlets.AuthFilter.doFilter(
> AuthFilter.java:107)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:235)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:206)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.
> obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.
> doFilter(SiteMeshFilter.java:77)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:235)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:206)
> at com.redhat.rhn.frontend.servlets.LocalizedEnvironmentFilter.doFilter(
> LocalizedEnvironmentFilter.java:67)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:235)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:206)
> at com.redhat.rhn.frontend.servlets.EnvironmentFilter.
> doFilter(EnvironmentFilter.java:101)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:235)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:206)
> at com.redhat.rhn.frontend.servlets.SessionFilter.
> doFilter(SessionFilter.java:57)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:235)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:206)
> at com.redhat.rhn.frontend.servlets.SetCharacterEncodingFilter.doFilter(
> SetCharacterEncodingFilter.java:97)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:235)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:206)
> at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:233)
> at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:191)
> at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:102)
> at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:109)
> at org.apache.catalina.connector.CoyoteAdapter.service(
> CoyoteAdapter.java:299)
> at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
> at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
> at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769)
> at org.apache.jk.common.ChannelSocket.processConnection(
> ChannelSocket.java:698)
> at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(
> ChannelSocket.java:891)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> ThreadPool.java:690)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: com.redhat.rhn.common.MethodInvocationException:
> IllegalInvocationException calling aclGenericActionType
> ("generic_action_type(remove)"): null
> at com.redhat.rhn.common.security.acl.Acl.evalAcl(Acl.java:491)
> at com.redhat.rhn.frontend.nav.AclGuard.canRender(AclGuard.java:69)
> at com.redhat.rhn.frontend.nav.RenderGuardComposite.canRender(
> RenderGuardComposite.java:49)
> at com.redhat.rhn.frontend.nav.Renderable.canRender(Renderable.java:126)
> at com.redhat.rhn.frontend.nav.DialognavRenderer.navNodeInactive(
> DialognavRenderer.java:102)
> at com.redhat.rhn.frontend.nav.RenderEngine.renderLevel(
> RenderEngine.java:96)
> at com.redhat.rhn.frontend.nav.RenderEngine.render(RenderEngine.java:58)
> at com.redhat.rhn.frontend.taglibs.helpers.RenderUtils.
> render(RenderUtils.java:148)
> at com.redhat.rhn.frontend.taglibs.helpers.RenderUtils.
> renderNavigationMenu(RenderUtils.java:132)
> at com.redhat.rhn.frontend.taglibs.helpers.RenderUtils.
> renderNavigationMenu(RenderUtils.java:73)
> at com.redhat.rhn.frontend.taglibs.NavMenuTag.doStartTag(
> NavMenuTag.java:52)
> at org.apache.jsp.WEB_002dINF.pages.schedule.completedsystems_jsp._jspx_
> meth_rhn_005fdialogmenu_005f0(Unknown Source)
> ... 51 more
> Caused by: java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at com.redhat.rhn.common.security.acl.Acl.evalAcl(Acl.java:469)
> ... 62 more
> Caused by: org.hibernate.LazyInitializationException: could not
> initialize proxy - no Session
> at org.hibernate.proxy.AbstractLazyInitializer.initialize(
> AbstractLazyInitializer.java:167)
> at org.hibernate.proxy.AbstractLazyInitializer.getImplementation(
> AbstractLazyInitializer.java:215)
> at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(
> JavassistLazyInitializer.java:190)
> at com.redhat.rhn.domain.action.ActionType_$$_javassist_133.
> equals(ActionType_$$_javassist_133.java)
> at com.redhat.rhn.domain.action.ActionFactory.checkActionArchType(
> ActionFactory.java:602)
> at com.redhat.rhn.common.security.acl.action.ActionAclHandler.
> aclGenericActionType(ActionAclHandler.java:52)
> ... 67 more
>
> Anyone have any ideas how to fix this?
>
>
> This electronic mail and any attached documents are intended solely for the named addressee(s) and contain confidential information. If you are not an addressee, or responsible for delivering this email to an addressee, you have received this email in error and are notified that reading, copying, or disclosing this email is prohibited. If you received this email in error, immediately reply to the sender and delete the message completely from your computer system.
>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171020/f7d335b7/attachment.htm>
More information about the Spacewalk-list
mailing list