[Spacewalk-list] 2.7 Schedule issue

Ree, Jan-Albert van J.A.v.Ree at marin.nl
Fri Oct 20 07:07:51 UTC 2017 

Unfortunately this for us is not the cause : we have SELinux running in permissive mode thus it can't be blocking anything.

Also your audit2allow command did not find anything​

Regards

Jan-Albert

Jan-Albert van Ree | Linux System Administrator | MARIN Support Group
MARIN | T +31 317 49 35 48 | J.A.v.Ree at marin.nl<mailto:J.A.v.Ree at marin.nl> | www.marin.nl<http://www.marin.nl>

[LinkedIn]<https://www.linkedin.com/company/marin> [YouTube] <http://www.youtube.com/marinmultimedia>  [Twitter] <https://twitter.com/MARIN_nieuws>  [Facebook] <https://www.facebook.com/marin.wageningen>
MARIN news: Verification and validation study of CFD simulations for the flow around a tug<http://www.marin.nl/web/News/News-items/Verification-and-validation-study-of-CFD-simulations-for-the-flow-around-a-tug.htm>

________________________________
From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> on behalf of Bruce Wainer <bruce at brucewainer.com>
Sent: Friday, October 20, 2017 07:47
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] 2.7 Schedule issue

I fixed the issue I was having via reviewing the SELinux log and using audit2allow to make a new SELinux policy (Section 7 of https://wiki.centos.org/HowTos/SELinux ). It appears that the 2.6 -> 2.7 upgrade process didn't get everything set properly.
(This Tomcat install is also running Unimus, which was also facing some SELinux issues, so I don't know for sure which of these rules were due to Spacewalk and which are due to Unimus. It probably wasn't recommended to drop the Unimus WAR into the Spacewalk Tomcat install, but so far I've had no issues other than the Spacewalk Tomcat config only listens on localhost for port 8080)

 ~]# grep comm=\"java\" /var/log/audit/audit.log | grep type=AVC | audit2allow -m tomcat2 > tomcat2.te
 ~]# cat tomcat2.te

module tomcat2 1.0;

require {
        type var_log_t;
        type tomcat_t;
        type spacewalk_data_t;
        type smtp_port_t;
        type var_run_t;
        type etc_t;
        type spacewalk_log_t;
        class tcp_socket name_connect;
        class dir { add_name getattr remove_name search write };
        class file { append create open read rename unlink write };
}

#============= tomcat_t ==============
allow tomcat_t etc_t:dir { add_name remove_name write };
allow tomcat_t etc_t:file rename;
allow tomcat_t etc_t:file { append create unlink write };
allow tomcat_t smtp_port_t:tcp_socket name_connect;
allow tomcat_t spacewalk_data_t:dir search;
allow tomcat_t spacewalk_log_t:dir { getattr search };
allow tomcat_t spacewalk_log_t:file { open read };
allow tomcat_t var_log_t:file open;
allow tomcat_t var_run_t:file read;

 ~]# grep comm=\"java\" /var/log/audit/audit.log | grep type=AVC | audit2allow -M tomcat2
 ~]# semodule -i tomcat2.pp
 ~]#systemctl restart tomcat

Hopefully this helps some people out, and the devs can look at these and see what needs to be added to the upgrade process.

Bruce Wainer

On Thu, Oct 19, 2017 at 10:34 AM, Bruce Wainer <bruce at brucewainer.com<mailto:bruce at brucewainer.com>> wrote:
I’m experiencing the same after upgrading, except for me it is on the “Repositories > Sync” page for every software channel. Where/how do I get the traceback? And if it is an ACL issue, how do I go about fixing it? This system is stock CentOS and I have only ever followed the instructions for installing SpaceWalk on it.

Bruce

On Oct 17, 2017, at 4:36 PM, Wood, Brendan <Brendan.Wood at Mercy.Net<mailto:Brendan.Wood at Mercy.Net>> wrote:

(Just upgraded to 2.7 from 2.6)

Via the web interface, looking at the Schedule tab, I can open the Pending/Failed/Completed/etc Actions pages, but if I try to click on any of the actions that are pending/failed/completed I get an “Internal server error” and the traceback sent to me read:

Attribute Names = rhnActiveLang, org.apache.struts.action.MESSAGE, org.apache.struts.action.mapping.instance, requestedUri, session, javax.servlet.request.key_size, org.apache.struts.action.MODULE, org.apache.struts.globals.ORIGINAL_URI_KEY, actionname, javax.servlet.request.cipher_suite, javax.servlet.jsp.jstl.fmt.timeZone.request, action, pageList, user,


User Information:
User admin (id 1, org_id 1)

Exception:
javax.servlet.ServletException: javax.servlet.jsp.JspException: Error writing to JSP file:
at org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:858)
at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:791)
at org.apache.jsp.WEB_002dINF.pages.schedule.completedsystems_jsp._jspService(Unknown Source)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1083)
at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:396)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:232)
at com.redhat.rhn.frontend.struts.RhnRequestProcessor.process(RhnRequestProcessor.java:105)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1926)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:451)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.redhat.rhn.frontend.servlets.AuthFilter.doFilter(AuthFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.redhat.rhn.frontend.servlets.LocalizedEnvironmentFilter.doFilter(LocalizedEnvironmentFilter.java:67)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.redhat.rhn.frontend.servlets.EnvironmentFilter.doFilter(EnvironmentFilter.java:101)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.redhat.rhn.frontend.servlets.SessionFilter.doFilter(SessionFilter.java:57)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.redhat.rhn.frontend.servlets.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:97)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:299)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.redhat.rhn.common.MethodInvocationException: IllegalInvocationException calling aclGenericActionType ("generic_action_type(remove)"): null
at com.redhat.rhn.common.security.acl.Acl.evalAcl(Acl.java:491)
at com.redhat.rhn.frontend.nav.AclGuard.canRender(AclGuard.java:69)
at com.redhat.rhn.frontend.nav.RenderGuardComposite.canRender(RenderGuardComposite.java:49)
at com.redhat.rhn.frontend.nav.Renderable.canRender(Renderable.java:126)
at com.redhat.rhn.frontend.nav.DialognavRenderer.navNodeInactive(DialognavRenderer.java:102)
at com.redhat.rhn.frontend.nav.RenderEngine.renderLevel(RenderEngine.java:96)
at com.redhat.rhn.frontend.nav.RenderEngine.render(RenderEngine.java:58)
at com.redhat.rhn.frontend.taglibs.helpers.RenderUtils.render(RenderUtils.java:148)
at com.redhat.rhn.frontend.taglibs.helpers.RenderUtils.renderNavigationMenu(RenderUtils.java:132)
at com.redhat.rhn.frontend.taglibs.helpers.RenderUtils.renderNavigationMenu(RenderUtils.java:73)
at com.redhat.rhn.frontend.taglibs.NavMenuTag.doStartTag(NavMenuTag.java:52)
at org.apache.jsp.WEB_002dINF.pages.schedule.completedsystems_jsp._jspx_meth_rhn_005fdialogmenu_005f0(Unknown Source)
... 51 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.redhat.rhn.common.security.acl.Acl.evalAcl(Acl.java:469)
... 62 more
Caused by: org.hibernate.LazyInitializationException: could not initialize proxy - no Session
at org.hibernate.proxy.AbstractLazyInitializer.initialize(AbstractLazyInitializer.java:167)
at org.hibernate.proxy.AbstractLazyInitializer.getImplementation(AbstractLazyInitializer.java:215)
at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:190)
at com.redhat.rhn.domain.action.ActionType_$$_javassist_133.equals(ActionType_$$_javassist_133.java)
at com.redhat.rhn.domain.action.ActionFactory.checkActionArchType(ActionFactory.java:602)
at com.redhat.rhn.common.security.acl.action.ActionAclHandler.aclGenericActionType(ActionAclHandler.java:52)
... 67 more

Anyone have any ideas how to fix this?


This electronic mail and any attached documents are intended solely for the named addressee(s) and contain confidential information. If you are not an addressee, or responsible for delivering this email to an addressee, you have received this email in error and are notified that reading, copying, or disclosing this email is prohibited. If you received this email in error, immediately reply to the sender and delete the message completely from your computer system.



_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171020/7d4bd16b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: imagef4930b.PNG
Type: image/png
Size: 293 bytes
Desc: imagef4930b.PNG
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171020/7d4bd16b/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image43ded4.PNG
Type: image/png
Size: 331 bytes
Desc: image43ded4.PNG
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171020/7d4bd16b/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: imagecca858.PNG
Type: image/png
Size: 333 bytes
Desc: imagecca858.PNG
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171020/7d4bd16b/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image7cbb58.PNG
Type: image/png
Size: 253 bytes
Desc: image7cbb58.PNG
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171020/7d4bd16b/attachment-0003.png>

More information about the Spacewalk-list mailing list