Bug 1024224

Summary: Satellite installer does not check whether the port it will communicate to external Oracle DB on will be allowed given the system's SELinux configuration
Product: Red Hat Satellite 5 Reporter: Joe Thompson <jthompso>
Component: InstallerAssignee: Milan Zázrivec <mzazrivec>
Status: CLOSED DEFERRED QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 560CC: gcheng, redhat-bugs, tlestach
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-09 10:59:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 462714    

Description Joe Thompson 2013-10-29 07:28:17 UTC 
Description of problem: Installing Satellite with SELinux in Enforcing mode fails with a generic error if using an external Oracle database on a non-standard port that is not listed as allowed in oracle_port_t.


Version-Release number of selected component (if applicable): 5.6.0


How reproducible: 100%


Steps to Reproduce:
1. Set up an external Oracle database instance on a non-standard port and configure it for Satellite use.
2. Set up a RHEL system to install Satellite on with SELinux in enforcing mode using a vanilla default SELinux "targeted" configuration.
3. Attempt to install Satellite on the system using a connection to the said database server.

Actual results: Install fails at testing the connection to the database with a generic error message.


Expected results: Installer should either warn the user before the test that the connection test will fail (based on the fact that the SELinux enforcement mode, oracle_port_t allowed port list and the external Oracle port number are all known or at least knowable at that point), or at a minimum should at least provide more informative info after the failure suggesting that as a highly likely cause.


Additional info:
Comment 2 Tomas Lestach 2018-04-09 10:59:30 UTC 
We have re-reviewed this bug, as part of an ongoing effort to improve Satellite/Proxy feature and bug updates, review and backlog.

This is a low priority bug and has no currently open customer cases. While this bug may still valid, we do not see it being implemented prior to the EOL of the Satellite 5.x product. As such, this is being CLOSED DEFERRED. 

Closing now to help set customer expectations as early as possible. You are welcome to re-open this bug if needed.