[Spacewalk-list] CentOS 7.4 + Spacewalk 2.6: PAM fails because of SELinux
Michael Mraka
michael.mraka at redhat.com
Wed Jan 3 12:29:04 UTC 2018
Olli Rajala:
> Hi,
> We had working PAM authentication in our Spacewalk 2.6 running on CentOS
> 7.4.1708, and it was updated + rebooted today. After some update during
> autumn PAM authentication stopped working. Unfortunately I can't be more
> specific. I know when it worked (24.7.2017), but not when it stopped.
> Another instance of Spacewalk 2.6 on CentOS 6.9 seems to work just fine, so
> this is related to CentOS 7.
>
> The issue is the same as described in this post:
> https://www.redhat.com/archives/spacewalk-list/2017-September/msg00007.html
>
> Raw Audit Messages
> type=AVC msg=audit(1514881078.526:6091): avc: denied { create } for
> pid=1037 comm="java" scontext=system_u:system_r:tomcat_t:s0
> tcontext=system_u:system_r:tomcat_t:s0 tclass=netlink_audit_socket
>
> SELinux is preventing
> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el7_4.x86_64/jre/bin/java
> from getattr access on the direry /var/log/rhn.
>
> $ rpm -qa | grep spacewalk-selinux
> spacewalk-selinux-2.3.2-1.el7.noarch
>
> Any ideas? Disabling SELinux is not a possibility.
Hello Olli,
This issue has been already fixed in Spacewalk 2.7 (together with number
of other tomcat_t issues). Is there a specific reason why you are
usingolder (and unsupported) version?
> Luckily we can login with local accounts, but would prefer PAM
> authentication.
>
> BR,
> --
> Olli Rajala
> Finland
Regards,
--
Michael Mráka
System Management Engineering, Red Hat
More information about the Spacewalk-list
mailing list