Bug 893096

Summary: Starting rhnmd on RHEL7 produces AVC denial
Product: Red Hat Satellite 5 Reporter: Tomáš Kašpárek <tkasparek>
Component: ClientAssignee: Michael Mráka <mmraka>
Status: CLOSED CURRENTRELEASE QA Contact: Martin Minar <mminar>
Severity: medium Docs Contact:
Priority: medium    
Version: 550CC: cperry, mkoci, mminar
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rhnmd-5.3.17-2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-13 09:45:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1127641    

Description Tomáš Kašpárek 2013-01-08 15:14:35 UTC 
Description of problem:
rhnmd sometimes produces following AVC denial when starting on RHEL7

Version-Release number of selected component (if applicable):
spacewalk 1.9 nightly, RHEL7 client

How reproducible:
non-determistic

Steps to Reproduce:
1. # service rhnmd start && service rhnmd stop
  
Actual results:
AVC denial
type=AVC msg=audit(1357652638.535:481): avc: denied { name_bind } for pid=5668 comm="rhnmd" src=4545 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket 

Expected results:
no AVC denials

Additional info:
Comment 1 Michael Mráka 2013-07-29 12:46:58 UTC 
Fixed in spacewalk nightly by

commit 735a8220c954186373fcf4c640002c513df84673
    893096 - bind rhnmd to port on new RHEL
    fixing
    type=AVC msg=audit(1375100630.341:771): avc:  denied  { name_bind } for pid=19076 comm="rhnmd" src=4545 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
Comment 2 Michael Mráka 2013-07-29 12:50:25 UTC 
Backported to SATELLITE-5.6 as
commit 66a3dfd3ff28d306fda23841e3a86187a48a87bf
    893096 - bind rhnmd to port on new RHEL
Comment 6 Clifford Perry 2014-10-06 16:04:24 UTC 
resetting for fresh review. Doubt modified is correct state.
Comment 7 Clifford Perry 2015-01-13 09:45:18 UTC 
With the release of Red Hat Satellite 5.7 on January 12th 2015 this bug is being moved to a Closed Current Release state. 

The Satellite 5.7 GA Errata:
 - https://rhn.redhat.com/errata/RHSA-2015-0033.html 

Satellite 5.7 Release Notes:
 - https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/html-single/Release_Notes/index.html

Satellite Customer Portal Blog announcement for release:
 - https://access.redhat.com/blogs/1169563/posts/1315743 

NOTE: This specific bug did not get verified and being closed as assumed fixed. Please reopen if this is not resolved within the release. 

Cliff