Created attachment 334678
part of /var/log/audit/audit.log

Description of problem:
SELinux denial occurs when installing Spacewalk 0.5 on a SELinux enabled machine.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-203
oracle-nofcontext-selinux-0.1-23.5
spacewalk-selinux-0.5.2-1
oracle-instantclient-selinux-10.2-7
oracle-xe-selinux-10.2-9

How reproducible:
Always

Steps to Reproduce:
1. Install RHEL-5.3, selinux enabled
2. Setup Oracle-XE as documented in https://fedorahosted.org/spacewalk/wiki/OracleXeSetup
3. yum install spacewalk
4. spacewalk-setup --disconnected
5. AVC denial occurs right about the time spacewalk-setup prints:
   ** Database: Testing database connection.

Actual results:
Attachment

Expected results:
No denial.

Additional info:
N/A
The denial actually shows up even on a running Spacewalk 0.5 (not just during the actual installation).
Milan, was this Permissive or Enforcing?
(In reply to comment #2)
> Milan, was this Permissive or Enforcing?

Permissive.
The problem was caused by using /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/bin/oracle_env.sh in root's/oracle's .bash_profile. In that case, sqlplus and client libraries from Oracle XE rpm instead of those from InstantClient rpm were used.

We've since addressed the issue by removing the recommendation to use/link oracle_env.sh from https://fedorahosted.org/spacewalk/wiki/OracleXeSetup.

On current installations (as of Spacewalk 0.5), the directory /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/log has type oracle_tnslsnr_log_t but stays empty. We might want to change it to oracle_common_log_t should we ever need to support this scenario.

Moving ON_QA with Spacewalk 0.5 and current installation instructions being released.
Spacewalk 0.5 released.
Spacewalk 0.5 was released a long time ago.
Reopening, it's still present in Spacewalk 1.3.
The AVC denial is caused by a timeout during (say) login and ORA-3136, which the Oracle server tries to log into /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/network/log/sqlnet.log.
Fixed in Spacewalk master, 85b5cf4d54b389d2ca14c955766265457cf0c47c.
Mass moving to ON_QA before release of Spacewalk 1.4
Spacewalk 1.4 has been released