Created attachment 345410 [details] patch solving the problem (tested) Description of problem: * Satellite-5.3.0-RHEL5-re20090521.1 installation as a xen guest * selinux denial occurs when oracle server starts and console is attached to the guest system (xm console $yourguest) Version-Release number of selected component (if applicable): oracle-server-i386-10.2.0.4-49 How reproducible: Always Steps to Reproduce: 1. Install Satellite 5.3.0, embedded db variant on RHEL5 as a xen guest 2. Restart your satellite 3. From inside xen host, during guest startup do # xm console yourguest 4. # grep denied /var/log/audit/audit.log Actual results: # grep denied /var/log/audit/audit.log type=AVC msg=audit(1243328807.645:11): avc: denied { read write } for pid=1364 comm="tnslsnr" path="/dev/console" dev=tmpfs ino=560 scontext=system_u:system_r:oracle_tnslsnr_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file Expected results: No denial Additional info: N/A
thirdparty.git: e4207abfcb77ac538dcd51bb359025dc895b9131 d19452f1cbfad708a84706b93249a8424f3b146e c5760b8629bbdbe839c10b60922d85279c631f2b 640e347c0231d11be2bebda1319c2dc0db8c467c a07b001c7c582b1774d42686012ee795a752f7d3 tagged: oracle-server-i386-10.2.0.4-51 oracle-server-s390x-10.2.0.4-51 oracle-server-x86_64-10.2.0.4-51
oracle-server-i386-10.2.0.4-54
verified 5/29
With Satellite-5.3.0-RHEL5-re20090820.1, no AVC denial while I had xm console ad-530-gold running in one terminal and did service oracle start in another. Stage verified -> RELEASE_PENDING.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html