Bug 505297

Summary: selinux error when rhn_check against proxy
Product: Red Hat Satellite 5
Component: Server
Reporter: Miroslav Suchý <msuchy>
Assignee: Miroslav Suchý <msuchy>
QA Contact: Brandon Perkins <bperkins>
Status: CLOSED NOTABUG
Severity: medium
Priority: low
Version: 530
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-06-11 12:08:02 UTC

Description Miroslav Suchý 2009-06-11 11:57:56 UTC
Description of problem:
see steps to reproduce

Version-Release number of selected component (if applicable):
sat530

How reproducible:
done once

Steps to Reproduce:
1. install satellite
2. install rhn proxy
3. register system through proxy
4. do rhn_check on that system
  
Actual results:
avc in audit.log and traceback

Expected results:
no errors

Additional info:
from audit.log:
type=AVC msg=audit(1244721182.463:5751): avc:  denied  { write } for  pid=303 comm="httpd" name="proxy-auth" dev=dm-0 ino=591001 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1244721182.463:5751): avc:  denied  { add_name } for  pid=303 comm="httpd" name="p1000010042" scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1244721182.463:5751): avc:  denied  { create } for  pid=303 comm="httpd" name="p1000010042" scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1244721182.766:5752): avc:  denied  { lock } for  pid=303 comm="httpd" name="p1000010042" dev=dm-0 ino=589970 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1244721182.767:5753): avc:  denied  { getattr } for  pid=303 comm="httpd" name="p1000010042" dev=dm-0 ino=589970 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1244721182.768:5754): avc:  denied  { write } for  pid=303 comm="httpd" name="p1000010042" dev=dm-0 ino=589970 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file

Traceback:
Exception Handler Information
Traceback (most recent call last):
  File "/usr/share/rhn/proxy/rhnProxyAuth.py", line 145, in set_cached_token
    shelf[self.__cache_proxy_key()] = token
  File "/usr/share/rhn/proxy/rhnProxyAuth.py", line 391, in __setitem__
    return rhnCache.set(rkey, val)
  File "/usr/share/rhn/common/rhnCache.py", line 83, in set
    cache.set(name, value, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 354, in set
    self.cache.set(name, pickled, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 248, in set
    fd = self.set_file(name, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 280, in set_file
    fd = WriteLockedFile(name, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 177, in __init__
    self.fd = self.get_fd(name)
  File "/usr/share/rhn/common/rhnCache.py", line 220, in get_fd
    fd = _safe_create(self.fname)
  File "/usr/share/rhn/common/rhnCache.py", line 151, in _safe_create
    fd = os.open(fname, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0644)
OSError: [Errno 13] Permission denied: '/var/cache/rhn/proxy-auth/p1000010042'

# ls -ldZ /var/cache/rhn/proxy-auth
drwxr-x---  apache root system_u:object_r:var_t          /var/cache/rhn/proxy-auth

Comment 1 Miroslav Suchý 2009-06-11 12:08:02 UTC
Err, for some reason I did not have the spacewalk-proxy selinux module loaded.
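
Added example, not part of the original bug report or of Spacewalk's code: a small triage script that groups AVC denials by source type, target type and object class, and flags targets that still carry a generic label. A generic target such as var_t is a common sign that no loaded policy module has assigned the path a dedicated type, which is consistent with the cause given in Comment 1. The sample holds four of the records quoted above; the `GENERIC_TYPES` set and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Four of the AVC records quoted in the report above.
SAMPLE = """\
type=AVC msg=audit(1244721182.463:5751): avc:  denied  { write } for  pid=303 comm="httpd" name="proxy-auth" dev=dm-0 ino=591001 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1244721182.463:5751): avc:  denied  { add_name } for  pid=303 comm="httpd" name="p1000010042" scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1244721182.463:5751): avc:  denied  { create } for  pid=303 comm="httpd" name="p1000010042" scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1244721182.767:5753): avc:  denied  { getattr } for  pid=303 comm="httpd" name="p1000010042" dev=dm-0 ino=589970 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Catch-all types treated as "generic" here (an assumption, not an exhaustive list).
GENERIC_TYPES = {"var_t", "default_t", "file_t", "unlabeled_t"}

def parse_avc(line):
    """Return the key=value fields of one AVC denial plus its permission list."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def type_of(context):
    # A context is user:role:type[:level]; the type is the third field.
    return context.split(":")[2]

def summarize(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    groups = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
            groups[key].update(rec["perms"])
    return dict(groups)

def generic_targets(groups):
    """Target types in the summary that are generic catch-all labels."""
    return sorted({tgt for (_, tgt, _) in groups if tgt in GENERIC_TYPES})

if __name__ == "__main__":
    groups = summarize(SAMPLE)
    for (src, tgt, cls), perms in sorted(groups.items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
    print("generic target types:", generic_targets(groups))
```

When every denial collapses into the same source type against a generic target, check which policy modules are loaded and how the path is labelled before writing any new allow rules.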