Description of problem: 4/24.1 build rhel 5 recreate: 1. setup configure monitoring 2. create a network services, ftp probe 3. push scount config w/ selinux in permissive get: Network Services: FTP FTP port 21: Latency 0.0120 sec; Response 220 (vsFTPd 2.0.1) 331 Please specify the password. 530 Please login with USER and PASS. 230 Login successful. 221 Goodbye. w/ selinux enforcing get: Network Services: FTP FTP port 21: connect: Permission denied Most likely related and need the same policy change as bug: https://bugzilla.redhat.com/show_bug.cgi?id=498936 for "sh" commands... If it is the same, we need two bugs open to verify the probe. I think one bug per probe is reasonable.
Jan, can you please do it?
The AVC denial is type=AVC msg=audit(1243328831.582:1272): avc: denied { name_connect } for pid=5491 comm="kernel.pl" dest=21 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:ftp_port_t:s0 tclass=tcp_socket
Fixed in Spacewalk repo master 659dc089d998889c406e7ac9ce4e1ef24913d96d.
-bash-3.2$ rhn-runprobe --probe 164 2009-06-04 09:32:50 Items changed or removed: 2009-06-04 09:32:50 latency '0.02674' is OK 2009-06-04 09:32:50 Response '220 (vsFTPd 2.0.1) 331 Please specify the password. 530 Please login with USER and PASS. ' is OK 2009-06-04 09:32:50 connect: Connection refused '' is CRITICAL 2009-06-04 09:32:50 Would notify because: 2009-06-04 09:32:50 connect: Connection refused '' is OK 2009-06-04 09:32:50 NOTE: Running in test mode; no changes saved, nothing enqueued 2009-06-04 09:32:50 ============================================================ OK: FTP port 21: Latency 0.0267 sec; Response 220 (vsFTPd 2.0.1)\r\n331 Please specify the password.\r\n530 Please login with USER and PASS.\r\n ============================================================ -bash-3.2$ verified
Verified in stage -> RELEASE_PENDING
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html