Bug 505297 - selinux error when rhn_check against proxy
selinux error when rhn_check against proxy
Status: CLOSED NOTABUG
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server (Show other bugs)
530
All Linux
low Severity medium
: ---
: ---
Assigned To: Miroslav Suchý
Brandon Perkins
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-06-11 07:57 EDT by Miroslav Suchý
Modified: 2009-06-11 08:08 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-06-11 08:08:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Miroslav Suchý 2009-06-11 07:57:56 EDT
Description of problem:
see steps to reproduce

Version-Release number of selected component (if applicable):
sat530

How reproducible:
done once

Steps to Reproduce:
1. install satellite
2. install rhn proxy
3. regitster system through proxy
4. do rhn_check on that system
  
Actual results:
avc in audit.log and tracebacak

Expected results:
no errors

Additional info:
from audit.log:
type=AVC msg=audit(1244721182.463:5751): avc:  denied  { write } for  pid=303 comm="httpd" name="proxy-auth" dev=dm-0 ino=591001 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1244721182.463:5751): avc:  denied  { add_name } for  pid=303 comm="httpd" name="p1000010042" scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1244721182.463:5751): avc:  denied  { create } for  pid=303 comm="httpd" name="p1000010042" scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1244721182.766:5752): avc:  denied  { lock } for  pid=303 comm="httpd" name="p1000010042" dev=dm-0 ino=589970 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1244721182.767:5753): avc:  denied  { getattr } for  pid=303 comm="httpd" name="p1000010042" dev=dm-0 ino=589970 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1244721182.768:5754): avc:  denied  { write } for  pid=303 comm="httpd" name="p1000010042" dev=dm-0 ino=589970 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file

Traceback:
Exception Handler Information
Traceback (most recent call last):
  File "/usr/share/rhn/proxy/rhnProxyAuth.py", line 145, in set_cached_token
    shelf[self.__cache_proxy_key()] = token
  File "/usr/share/rhn/proxy/rhnProxyAuth.py", line 391, in __setitem__
    return rhnCache.set(rkey, val)
  File "/usr/share/rhn/common/rhnCache.py", line 83, in set
    cache.set(name, value, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 354, in set
    self.cache.set(name, pickled, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 248, in set
    fd = self.set_file(name, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 280, in set_file
    fd = WriteLockedFile(name, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 177, in __init__
    self.fd = self.get_fd(name)
  File "/usr/share/rhn/common/rhnCache.py", line 220, in get_fd
    fd = _safe_create(self.fname)
  File "/usr/share/rhn/common/rhnCache.py", line 151, in _safe_create
    fd = os.open(fname, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0644)
OSError: [Errno 13] Permission denied: '/var/cache/rhn/proxy-auth/p1000010042'

# ls -ldZ /var/cache/rhn/proxy-auth
drwxr-x---  apache root system_u:object_r:var_t          /var/cache/rhn/proxy-auth
Comment 1 Miroslav Suchý 2009-06-11 08:08:02 EDT
Err for some reason I did not have loaded spacewalk-proxy selinux module.

Note You need to log in before you can comment on or make changes to this bug.