Bug 498936
| Summary: | SELinux, network services ssh probe fails w/ selinux enforcing | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Satellite 5 | Reporter: | wes hayutin <whayutin> | ||||
| Component: | Monitoring | Assignee: | Jan Pazdziora <jpazdziora> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | wes hayutin <whayutin> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 530 | CC: | bperkins, mzazrivec, pthomas | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| URL: | na | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | sat530 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2009-09-10 19:12:47 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 457079 | ||||||
| Attachments: |
|
||||||
|
Description
wes hayutin
2009-05-04 14:30:17 UTC
Jan, can you please do it? Wes, the error is the line with type=AVC, not type=SYSCALL. Can you please attach the actual AVC denial line? Thanks, Jan. Created attachment 342454 [details]
audit.log tar'd up
attaching all the audit logs I have for the box, because I am unable find the offending line. It is clearly related to selinux, turning selinux on or off changes the probes status. The AVC message is
avc: denied { name_connect } for pid=699 comm="kernel.pl" dest=22 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket
which strangely enough I was not able to see in any of the logs.
Fixed in Spacewalk repo, master a775624dd595299beb5023b7d70f0520e1fd5d61, spacewalk-monitoring-selinux-0.6.7-1, VADER 751f78df7878079e37661f7007056a460279c66b. *** Bug 497912 has been marked as a duplicate of this bug. *** With compose Satellite-5.3.0-RHEL5-re20090520.0 available, moving ON_QA. [root@grandprix ~]# su - nocpulse -bash-3.2$ rhn-runprobe 102 2009-06-02 08:39:27 No items changed 2009-06-02 08:39:27 Notification not required 2009-06-02 08:39:27 NOTE: Running in test mode; no changes saved, nothing enqueued 2009-06-02 08:39:27 ============================================================ OK: SSH port 22: Latency 0.0885 sec; Response SSH-2.0-OpenSSH_4.3\n ============================================================ -bash-3.2$ exit logout [root@grandprix ~]# getenforce Enforcing [root@grandprix ~]# Verified in stage -> RELEASE_PENDING An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html |