Bug 1164164
Summary: | Setting a katello-proxy-url on RHEL7 in enforcing mode causes AVC denials: name_connect | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Ivan Necas <inecas> |
Component: | SELinux | Assignee: | Lukas Zapletal <lzap> |
Status: | CLOSED ERRATA | QA Contact: | Elyézer Rezende <erezende> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.0.5 | CC: | bbuckingham, cwelton, erezende, jmontleo, michele, mmccune |
Target Milestone: | Unspecified | Keywords: | Triaged |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
URL: | http://projects.theforeman.org/issues/9216 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-08-12 05:19:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ivan Necas
2014-11-14 08:53:07 UTC
The workaround is to allow connects to the 8080 port. Solution: Introduce new boolean for this. Correcting status, sorry about that :-) Verified on: Satellite-6.1.0-RHEL-7-20150331.1 Steps to verify: 1. Installed Satellite pointing to an external squid proxy on port 3128. 2. Imported a manifest 3. Enabled "Red Hat Enterprise Virtualization Agents for RHEL 6 Server RPMs x86_64 6Server" Red Hat repository and synced it. 4. Watched audit.log for AVC and no AVC was emitted during the process: # tail -f /var/log/audit/audit.log | grep AVC ^C # This bug is slated to be released with Satellite 6.1. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:1592 |