Bug 660259
| Summary: | Avc denials from satidmap.pl during the sat installation | ||
|---|---|---|---|
| Product: | Red Hat Satellite 5 | Reporter: | Šimon Lukašík <slukasik> |
| Component: | Installer | Assignee: | Jan Pazdziora (Red Hat) <jpazdziora> |
| Status: | CLOSED WONTFIX | QA Contact: | Red Hat Satellite QA List <satqe-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 530 | CC: | jpazdziora |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-12-10 22:28:51 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 518253 | ||
Taking. Šimon, any SELinux features are only supported on RHEL 5+. On RHEL 4, there are and there will be AVC denials because we do not ship any policy there, we never addressed them on RHEL 4. I'm going to WONTFIX this bugzilla now, reopen if you disagree. |
Description of problem: Version-Release number of selected component (if applicable): satellite-schema-5.3.0.23-1.el4sat spacewalk-backend-0.5.28-59.1.el4sat selinux-policy-targeted-1.17.30-2.152.el4 How reproducible: always Steps to Reproduce: 1. Install satellite 530 on latest rhel4 2. 3. Actual results: audit(1291623873.436:3): avc: denied { read } for pid=13117 comm="httpd" name="[117497]" dev=pipefs ino=117497 scontext=root:system_r:httpd_t tcontext=root:system_r:unconfined_t tclass=fifo_file audit(1291623874.455:4): avc: denied { ioctl } for pid=13117 comm="httpd" name="[117497]" dev=pipefs ino=117497 scontext=root:system_r:httpd_t tcontext=root:system_r:unconfined_t tclass=fifo_file audit(1291623874.793:5): avc: denied { write } for pid=13117 comm="httpd" name="jk-runtime-status.13117" dev=dm-0 ino=5620748 scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t tclass=file audit(1291623874.960:6): avc: denied { unlink } for pid=13117 comm="httpd" name="jk-runtime-status.13117.lock" dev=dm-0 ino=5620749 scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t tclass=file audit(1291623875.290:7): avc: denied { execute } for pid=13137 comm="httpd" name="satidmap.pl" dev=dm-0 ino=1805552 scontext=root:system_r:httpd_t tcontext=system_u:object_r:etc_t tclass=file audit(1291623875.308:8): avc: denied { execute_no_trans } for pid=13137 comm="httpd" name="satidmap.pl" dev=dm-0 ino=1805552 scontext=root:system_r:httpd_t tcontext=system_u:object_r:etc_t tclass=file Expected results: Additional info: This problem affects only Satellites 530 on RHEL4