Bug 1185801

Summary: Satellite 6 is prevented from connecting to AMQP (qpidd)
Product: Red Hat Satellite Reporter: Lukas Zapletal <lzap>
Component: SELinuxAssignee: Lukas Zapletal <lzap>
Status: CLOSED ERRATA QA Contact: Og Maciel <omaciel>
Severity: medium Docs Contact:
Priority: unspecified    
Version: NightlyCC: bkearney, cwelton, omaciel
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/9106
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-12 05:22:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lukas Zapletal 2015-01-26 10:28:10 UTC 
time->Wed Jan 21 15:42:15 2015
type=SYSCALL msg=audit(1421872935.698:709): arch=c000003e syscall=42 success=no exit=-115 a0=e a1=7f320800af70 a2=10 a3=7f321fb73070 items=0 ppid=1 pid=18917 auid=0 uid=497 gid=496 euid=497 suid=497 fsuid=497 egid=496 sgid=496 fsgid=496 tty=(none) ses=1 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1421872935.698:709): avc:  denied  { name_connect } for  pid=18917 comm="ruby" dest=5671 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket

corenet_tcp_connect_amqp_port(passenger_t)
Comment 1 RHEL Program Management 2015-01-26 10:33:47 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 6 Og Maciel 2015-03-09 19:02:04 UTC 
# grep denied -nriI /var/log/audit/audit.log |grep 5671
#
Comment 7 Og Maciel 2015-03-10 11:55:44 UTC 
Verified on Satellite-6.1.0-RHEL-6-20150303.0
Comment 8 Bryan Kearney 2015-08-11 13:27:52 UTC 
This bug is slated to be released with Satellite 6.1.
Comment 9 errata-xmlrpc 2015-08-12 05:22:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1592