Description of problem: 5.3 proxy install via webui fails with selinux enabled Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. install proxy via satellite webui 2. 3. Actual results: Could not Generate SSL server cert. Error: 1 Expected results: no error. Additional info: from audit. log type=AVC msg=audit(1237825098.946:50): avc: denied { sys_resource } for pid=3791 comm="sudo" capability=24 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability type=SYSCALL msg=audit(1237825098.946:50): arch=40000003 syscall=75 success=no exit=-1 a0=6 a1=bfc04bf0 a2=253ff4 a3=bfc04bf0 items=0 ppid=2756 pid=3791 auid=4294967295 uid=48 gid=48 euid=0 suid=0 fsuid=0 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1237825099.019:51): avc: denied { create } for pid=3791 comm="sudo" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=netlink_audit_socket type=SYSCALL msg=audit(1237825099.019:51): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfc04a90 a2=397ff4 a3=6db0a0 items=0 ppid=2756 pid=3791 auid=4294967295 uid=0 gid=48 euid=0 suid=0 fsuid=0 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:httpd_t:s0 key=(null)
Created attachment 336475 [details] Full AVC denials under Permissive.
Fixed in Spacewalk repo, commits 507b3d7245508195c207a18414d8e0c644cf9989, de07027905e47a83b25a8c9f2667452ccbbd56c2, fbecb755d385feac8bfe934d9790b5f10978e2b9, ba393642f4dd97cf31341179c78c3f7c979d5991, daf056a14b59f58a73f54b03e6d4a7954b8854ca, and 69062132d20311a94893e7f5fef43e7a7166d274. Tagged as spacewalk-certs-tools-0.5.4-1, spacewalk-admin-0.5.13-1, spacewalk-selinux-0.5.3-1, and spacewalk-web-0.5.20-1.
With compose Satellite-5.3.0-RHEL5-re20090327.0 available, moving ON_QA.
verified Satellite-5.3.0-RHEL5-re20090327.0 activated rhel4 proxy on rhel5 satellite from webui
verified in stage. activated rhel5 530 proxy from webui with enforcing selinux.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html