Bug 498686
| Summary: | SELinux Preventing httpd From Starting: mod_rewrite / satidmap.pl Issue | ||
|---|---|---|---|
| Product: | Red Hat Satellite 5 | Reporter: | Devan Goodwin <dgoodwin> |
| Component: | Server | Assignee: | Jan Pazdziora (Red Hat) <jpazdziora> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | wes hayutin <whayutin> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 530 | CC: | cperry, marcus.moeller, mzazrivec |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | sat530 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-09-10 19:12:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 498685 | ||
| Bug Blocks: | 457079 | ||
|
Description
Devan Goodwin
2009-05-01 21:49:29 UTC
What is the error in audit.log? I wonder if the whole SELinux setup is broken because of bug 498685 -- the SELinux modules were not loaded properly at all? From audit.log:
type=AVC msg=audit(1241380980.842:257): avc: denied { execute } for pid=14495 comm="httpd" name="satidmap.pl" dev=hda3 ino=7032978 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1241380980.842:257): arch=40000003 syscall=33 success=no exit=-13 a0=8a56018 a1=5 a2=73e1e8 a3=8a9ae30 items=0 ppid=1 pid=14495 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=27 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
Think it's related to the bad selinux rpm versions?
(In reply to comment #2) > > Think it's related to the bad selinux rpm versions? Yes. The correct type is # ls -laZ /etc/rhn/satellite-httpd/conf/satidmap.pl -rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t /etc/rhn/satellite-httpd/conf/satidmap.pl The issue will be fixed once we have new ISO with new oracle-nofcontext-selinux. That is tracked in bug 498685. We can probably make it a dupe of that one. Or keep it open to go throught the whole QA process. Alternatively you can retest and confirm that the problem is gone once the new ISO is out. Package oracle-nofcontext-selinux-0.1-23.8.1.el5sat.noarch.rpm with the fix is on the Satellite-5.3.0-RHEL5-re20090507.1 ISO, moving ON_QA. verified 5/7.1 build Still valid in Spacewalk with oracle-nofcontext-selinux-0.1-23.9.el5.noarch. Best Regards Marcus Verified in stage -> RELEASE_PENDING An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html |