[Spacewalk-list] CentOS 7.4 + Spacewalk 2.6: PAM fails because of SELinux
Olli Rajala
olli.rajala at gmail.com
Tue Jan 2 09:40:24 UTC 2018
Hi,
We had working PAM authentication in our Spacewalk 2.6 running on CentOS
7.4.1708, and it was updated + rebooted today. After some update during
autumn PAM authentication stopped working. Unfortunately I can't be more
specific. I know when it worked (24.7.2017), but not when it stopped.
Another instance of Spacewalk 2.6 on CentOS 6.9 seems to work just fine, so
this is related to CentOS 7.
The issue is the same as described in this post:
https://www.redhat.com/archives/spacewalk-list/2017-September/msg00007.html
Raw Audit Messages
type=AVC msg=audit(1514881078.526:6091): avc: denied { create } for
pid=1037 comm="java" scontext=system_u:system_r:tomcat_t:s0
tcontext=system_u:system_r:tomcat_t:s0 tclass=netlink_audit_socket
SELinux is preventing
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el7_4.x86_64/jre/bin/java
from getattr access on the direry /var/log/rhn.
$ rpm -qa | grep spacewalk-selinux
spacewalk-selinux-2.3.2-1.el7.noarch
Any ideas? Disabling SELinux is not a possibility.
Luckily we can login with local accounts, but would prefer PAM
authentication.
BR,
--
Olli Rajala
Finland
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180102/2eb7a95c/attachment.htm>
More information about the Spacewalk-list
mailing list