Bug 698567

Summary: error: cannot open Packages database in /var/lib/rpm
Product: Red Hat Satellite 5 Reporter: Šimon Lukašík <slukasik>
Component: ServerAssignee: Jan Pazdziora (Red Hat) <jpazdziora>
Status: CLOSED ERRATA QA Contact: Šimon Lukašík <slukasik>
Severity: low Docs Contact:
Priority: low    
Version: 541CC: jhutar, mzazrivec
Target Milestone: ---Keywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: spacewalk-backend-1.2.13-50 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-06-17 02:42:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 677501    

Description Šimon Lukašík 2011-04-21 09:22:08 UTC 
Description of problem:
When rhnpush-ing packages to RHN Satellite 5.4.1 the error is generated
to the /var/log/httpd/error_log. This is introduced by the change in
selinux policy, which does no longer allow apache to look up /var/lib/rpm

Version-Release number of selected component (if applicable):
Satellite 5.4.1 on RHEL6.1
spacewalk-backend-1.2.13-44
selinux-policy-targeted-3.7.19-85
spacewalk-selinux-1.2.1-2

How reproducible:
deterministic

Steps to Reproduce:
1. watch /var/log/httpd/error_log
2. rhnpush some arbitrary package
3.
  
Actual results:
error: cannot open Packages database in /var/lib/rpm

Expected results:
No error during a package push.

Additional info:
This is a regression against RHN Satellite 5.4.0.
Comment 1 Jan Pazdziora (Red Hat) 2011-05-06 12:43:23 UTC 
Dontaudited in SATELLITE-5.4, 909648368f86c2aaac879b75522362cafd7066a5.
Comment 3 Šimon Lukašík 2011-05-10 13:59:42 UTC 
Moving back to assigned:

The bug description, says nothing about the auditing, but it mentioned
the consequence of 909648368f86c2aaac879b75522362cafd7066a5, which is the
error upper mentioned in the error_log.

# rpm -q spacewalk-selinux
spacewalk-selinux-1.2.1-2.el6sat.noarch

# grep -lir 'error: cannot open Packages database in /var/lib/rpm' \
  /var/log/httpd/*
/var/log/httpd/error_log
/var/log/httpd/error_log.4
Comment 4 Jan Pazdziora (Red Hat) 2011-05-10 14:04:31 UTC 
Ahá.
Comment 5 Jan Pazdziora (Red Hat) 2011-05-13 13:41:24 UTC 
Fixed in Spaceawlk master, cb1e1d3754c79ff4c7f71c5b9611608febb7e2c0.

We now steer the rpm transaction to create a database in /var/cache/rhn/rhnpush-rpmdb if it so wishes to have one.
Comment 6 Jan Pazdziora (Red Hat) 2011-05-13 13:47:51 UTC 
Cherry picked to SATELLITE-5.4: a2292b882de0589687183bab2b56cfd54634f294.

Tagged and built as spacewalk-backend-1.2.13-50.
Comment 8 Šimon Lukašík 2011-05-18 06:34:33 UTC 
Changing to Verified:

Testing procedure:
After full automation on Satellite 5.4.1 there
is no such error in /var/log/httpd/*

Verified against:
Satellite 5.4.1 re20110517.0
spacewalk-backend-1.2.13-50.el6sat.noarch
Comment 9 Milan Zázrivec 2011-06-06 13:35:31 UTC 
Verified in stage w/ spacewalk-backend-1.2.13-52 -> release pending.
Comment 10 Clifford Perry 2011-06-17 02:42:46 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

https://rhn.redhat.com/errata/RHEA-2011-0875.html