489554 – avc: denied { node_bind } for comm="upload_results."

Bug 489554 - avc: denied { node_bind } for comm="upload_results."

Summary: avc: denied { node_bind } for comm="upload_results."

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Spacewalk
Classification:	Community
Component:	Server
Sub Component:
Version:	0.5
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Jan Pazdziora
QA Contact:	Red Hat Satellite QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	space06
TreeView+	depends on / blocked

Reported:	2009-03-10 17:13 UTC by Milan Zázrivec
Modified:	2009-09-10 12:05 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-09-10 12:05:33 UTC
Embargoed:

Attachments	(Terms of Use)
part of /var/log/audit/audit.log (221 bytes, text/plain) 2009-03-10 17:13 UTC, Milan Zázrivec	no flags	Details
View All

Description Milan Zázrivec 2009-03-10 17:13:30 UTC

Created attachment 334682 [details]
part of /var/log/audit/audit.log

Description of problem:
SELinux denial occurs on a new Spacewalk 0.5 installation right after
Scout Config Push completes.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-203
spacewalk-selinux-0.5.2-1
spacewalk-monitoring-selinux-0.5.4-1

How reproducible:
Always

Steps to Reproduce:
1. Install RHEL-5.3, selinux enabled (permissive at least)
2. Install Oracle-XE and Spacewalk 0.5
3. Activate monitoring and monitoring scout.
4. In webui, navigate to Monitoring -> Scout config push and run the
   actual configuration push.
5. Right after the configuration push successfully completes, avc denial
   occurs (/var/log/audit/audit.log)
  
Actual results:
Attachment

Expected results:
No denial

Additional info:
# ls -Z /var/www/cgi-bin/upload_results.cgi
-rwxr-xr-x  root root system_u:object_r:httpd_sys_script_exec_t /var/www/cgi-bin/upload_results.cgi

Comment 1 Jan Pazdziora 2009-04-07 11:21:30 UTC

Fix committed to Spacewalk repo, commit f9ba12389173cbdc295fe9f5111be5e3e9c939d8 in master and 2d5d6b8a0fc3f551df1e419544417fdc09266673 in VADER.

Comment 2 Jan Pazdziora 2009-04-08 09:18:38 UTC

Tagged as spacewalk-monitoring-selinux-0.6.1-1 and spacewalk-monitoring-selinux-0.5.6-2-sat.

Comment 3 Miroslav Suchý 2009-09-10 12:05:33 UTC

Spacewalk 0.6 released

Note You need to log in before you can comment on or make changes to this bug.