[Spacewalk-list] CentOS 7.4 + Spacewalk 2.6: PAM fails because of SELinux
Olli Rajala
olli.rajala at ravoltek.net
Fri Jan 5 12:08:31 UTC 2018
Hi,
On Fri, Jan 5, 2018 at 3:33 AM, Paul-Andre Panon <
paul-andre.panon at avigilon.com> wrote:
> Sigh one more correction. It was probably this post
> https://www.redhat.com/archives/spacewalk-list/2017-November/msg00035.html,
> and not endpoint blog link, which gave me the hint that there may be
> additional issues between SELinux and SW 2.7 that had not yet been
> addressed.
>
Thanks for ideas. It still seems to be SELinux issue with 2.7, although
there is nothing added to /var/log/audit/audit.log anymore.
If I do 'setenforce 0', login works just fine.
With SELinux enabled, login fails and I get occasionally to
/var/log/messages:
Jan 5 13:50:31 setroubleshoot: SELinux is preventing java from nlmsg_relay
access on the netlink_audit_socket Unknown. For complete SELinux messages
run: sealert <id>
$ sudo sealert -l <id>
SELinux is preventing java from nlmsg_relay access on the
netlink_audit_socket Unknown.
***** Plugin catchall (100. confidence) suggests
**************************
If you believe that java should be allowed nlmsg_relay access on the
Unknown netlink_audit_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'java' --raw | audit2allow -M my-java
# semodule -i my-java.pp
BR,
--
Olli Rajala
Finland
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180105/2c387575/attachment.htm>
More information about the Spacewalk-list
mailing list