Bug 487380
Summary: | SELinux rhnpush failure [Errno 17] File exists: '/var/satellite' | ||
---|---|---|---|
Product: | Red Hat Satellite 5 | Reporter: | John Matthews <jmatthew> |
Component: | Documentation | Assignee: | John Ha <jha> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | John Matthews <jmatthew> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 530 | CC: | adstrong, bperkins, cperry, jha, msuchy |
Target Milestone: | --- | Keywords: | Documentation |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | sat530 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-09-10 19:12:13 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 456995, 457079 |
Description
John Matthews
2009-02-25 18:35:03 UTC
Please - confirm that /var/satellite is a NFS mount; - show me the output of ls -lZ /var/satellite; - show me the output of /usr/sbin/getsebool spacewalk_nfs_mountpoint; Thank you, Jan Yes, /var/satellite is a NFS mount dump-new:/vol/rhndevqaV2 on /var/satellite type nfs (rw,addr=x.x.x.x) [root@rlx-3-22 ~]# ls -lZ /var/satellite/ drwxr-xr-x apache root system_u:object_r:nfs_t redhat drwxr-xr-x apache root system_u:object_r:nfs_t rhn /usr/sbin/getsebool spacewalk_nfs_mountpoint; spacewalk_nfs_mountpoint --> off Good. Now, was the Satellite installed via ./install.pl, with SELinux enabled, and was /var/satellite NFS-mounted at the time when the installer was run? Because we have code in /usr/bin/spacewalk-setup (which gets called by ./install.pl) which does /usr/sbin/setsebool -P spacewalk_nfs_mountpoint 1 when it sees that /var/satellite or paths under it are nfs_t mounted. So in your case, the spacewalk_nfs_mountpoint boolean should have been set to on. Is there somethine suspicious in rhn-installation.log, perhaps? This makes sense. The script I'm using does the install, then after that it mounts /var/satellite over NFS. QA has modified the script, so the mounting of /var/satellite now happens prior to install being called. Jan, Does it make sense to put this bug to ON_QA and we'll retest with NFS mounted first? I'd like to confirm the behavior we saw isn't really a bug, but it's what you intend, where SELinux limits the functionality since /var/satellite was installed after the fact. What would be the steps to enable a NFS mounted /var/satellite after a Sat install? Is setting spacewalk_nfs_mountpoint to 1 enough? The installer (well, spacewalk-setup) checks that /var/satellite is NFS-mounted during install time, and sets spacewalk_nfs_mountpoint to true if it finds it to be NFS. So yes, the fix post install is to run setsebool. Moving ON_QA per your suggesting. this is working... no selinux denials [root@grandprix audit]# cat /dev/null > audit.log [root@grandprix tmp]# rhnpush -c westest -d /tmp/ -u admin -p dog8code --server=http://grandprix.rhndev.redhat.com -vvv Uploading files from directory /tmp/ Connecting to http://grandprix.rhndev.redhat.com/APP url is http://grandprix.rhndev.redhat.com/PACKAGE-PUSH Result codes: 200 OK Computing md5sum and package Info .This may take sometime ... Package /tmp/testAutoFile-2-1.0.i386.rpm Not Found on RHN Server -- Uploading Uploading package /tmp/testAutoFile-2-1.0.i386.rpm Using POST request Package /tmp/testAutoFile-1-1.0.i386.rpm Not Found on RHN Server -- Uploading Uploading package /tmp/testAutoFile-1-1.0.i386.rpm Using POST request [root@grandprix tmp]# [root@grandprix audit]# tail -f audit.log ' [root@grandprix audit]# ls Please add release note: When running with SELinux enabled, if /var/satellite is changed to a NFS mount after initial install, you need to run: "/usr/sbin/setsebool -P spacewalk_nfs_mountpoint 1" This note has been added to the English Release Notes for 5.3.0. I have put in a request for Glaucia and the Localization team to translate this additional note. Reassigning to John as this turns to be just documentation bugzilla now. Verified ISO: Satellite-5.3.0-RHEL5-re20090612.0-i386-embedded-oracle.iso https://rlx-3-22.rhndev.redhat.com/rhn/help/release-notes/satellite/en-US/index.jsp # When using Satellite with SELinux enabled, if /var/satellite/ is changed to an NFS mount after the initial installation, you must run the following command: /usr/sbin/setsebool -P spacewalk_nfs_mountpoint 1 verified in stage on xen5 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html |