Bug 494909 - Monitoring, scout config push never completes if SELinux is enforcing
Monitoring, scout config push never completes if SELinux is enforcing
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Monitoring (Show other bugs)
530
All Linux
low Severity medium
: ---
: ---
Assigned To: Miroslav Suchý
wes hayutin
https://riverraid.rhndev.redhat.com/n...
:
Depends On:
Blocks: 457079 463877 486216
  Show dependency treegraph
 
Reported: 2009-04-08 12:51 EDT by wes hayutin
Modified: 2009-09-10 14:15 EDT (History)
4 users (show)

See Also:
Fixed In Version: sat530
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-10 14:15:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
audit.log (2.91 KB, text/plain)
2009-06-02 08:22 EDT, wes hayutin
no flags Details

  None (edit)
Description wes hayutin 2009-04-08 12:51:22 EDT
Description of problem:
Satellite-5.3.0-RHEL5-re20090403.2-i386-embedded-oracle.iso

Monitoring, scout config push never completes if SELinux is enforcing.
The *very* odd thing is that nothing is logged to the audit.log, so I guess it may *not* be a denial problem.  This is an odd bug and I am not quite sure what exactly is going on.


recreate:
Turn SELinux to permissive:

setup monitoring:
Server:
1. Login as Sat admin
2. Enable Monitoring,  under Admin -> Spacewalk/RHN Configuration, check Enable Monitoring, click Update
3. Enable Monitoring Scout, under Admin -> Spacewalk/RHN Configuration -> Monitoring, check Enable Monitoring Scout, click Update Config
4. Restart Spacewalk/RHN Satellite
5. Make sure /etc/init.d/Monitoring is started
6. From the server, su - nocpulse, scp the .ssh/nocpulse-identity.pub root@client:/tmp 
7. This same key can also be found at Monitoring -> Scout Config Push -> RHN Monitoring Satellite

Client:
5. Register a client, enable monitoring on the client
6. Alter system channel membership to include RHN Network Tools
7. Install rhnmd package on client and do service rhnmd start.
8. On the client, su - nocpulse, cat /tmp/nocpulse-identity.pub >> /opt/nocpulse/.ssh/authorized_keys
8.1 (SAT 5.3 CHANGE) On the client, su - nocpulse, cat /tmp/nocpulse-identity.pub >> /var/lib/nocpulse/.ssh/authorized_keys
9. restart the rhnmd, /etc/init.d/rhnmd restart 

10. Go into the webui and push the scout config.
should work successfully.

Now:
Turn SELinux back on to enforcing
11. push the scout config again.

Results:
The scout config push never completes
AND
Nothing is logged to audit.log
very odd...

Expected Results:
Either the scout config push works, OR we get a denial or message in audit.log
Comment 1 Miroslav Suchý 2009-04-10 04:33:45 EDT
Jan,
can you please investigate this issue? I know that some events are not logged to audit.log, can you elaborate it?
Comment 2 Jan Pazdziora 2009-04-10 04:54:19 EDT
If there is nothing in audit.log, it's unlikely to be SELinux related.
Comment 3 Jan Pazdziora 2009-04-10 04:57:12 EDT
I just tried Scout push with spacewalk-monitoring-selinux-0.6.2-1 which fixes a couple of true SELinux bugs, and the push proceeds just fine, adding new probe, and the probe then starts to show the current state.

Please advise if you want the bugzilla back for general investigation or monitoring oddity, or if I should just move it ON_QA.
Comment 4 Miroslav Suchý 2009-04-10 05:28:48 EDT
OK. Please can you tried it again with new ISO? 
Jan - you can move it on ON_QA once new ISO will rolled out.
Comment 5 Jan Pazdziora 2009-04-15 03:16:36 EDT
Moving ON_QA, with the latest ISO Satellite-5.3.0-RHEL?-re20090414.0.
Comment 6 wes hayutin 2009-04-15 15:56:18 EDT
NICE!!!!
monitoring is working..
verified :)
Comment 7 wes hayutin 2009-06-02 08:20:50 EDT
this is failing in 5/29 build..
Comment 8 wes hayutin 2009-06-02 08:22:19 EDT
Created attachment 346243 [details]
audit.log
Comment 10 Miroslav Suchý 2009-06-09 11:40:01 EDT
This should have been fixed by my commit 249f66e71268a8f05ee376c989a51d1cdc719bce in https://bugzilla.redhat.com/show_bug.cgi?id=498611#c4
Comment 11 Miroslav Suchý 2009-06-12 08:59:46 EDT
compose 20090612
moving ON_QA
Comment 12 wes hayutin 2009-06-15 16:20:48 EDT
verified 6/12.1 
 	1 - 1 of 1 (0 selected)    	   
	Config Status 	Scout Name 	Last Request 	Completed
	Ok 	RHN Satellite Monitoring Scout 	2009-06-15 04:14:19 PM EDT 	2009-06-15 04:15:18 PM EDT
Comment 13 Milan Zazrivec 2009-09-02 10:36:25 EDT
Verified in stage -> RELEASE_PENDING
Comment 14 Brandon Perkins 2009-09-10 14:15:31 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1434.html

Note You need to log in before you can comment on or make changes to this bug.