Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 624738

Summary: sqlplus produces lot of avc denials during ./install.pl
Product: Red Hat Satellite 5 Reporter: Šimon Lukašík <slukasik>
Component: InstallerAssignee: Milan Zázrivec <mzazrivec>
Status: CLOSED CURRENTRELEASE QA Contact: Šimon Lukašík <slukasik>
Severity: medium Docs Contact:
Priority: low    
Version: 540CC: cperry, msuchy
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: oracle-server-s390x-10.2.0.4-61 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 626420 (view as bug list) Environment:
Last Closed: 2010-10-28 14:59:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 608771, 625708, 626420    
Attachments:
Description Flags
Avc denials
none
/var/log/rhn/install_db.log none

Description Šimon Lukašík 2010-08-17 15:58:43 UTC
Description of problem:
During installation of Satellite-5.4.0-RHEL5-re20100817.0 a lot of selinux avc denials occurs. There is also failed attempt to restart Oracle DB.

+ service oracle restart
Shutting down Oracle Net Listener ...[  OK  ]
Shutting down Oracle DB instance "rhnsat" ...[FAILED]
sqlplus: error while loading shared libraries: libsqlplus.so: cannot enable executable stack as shared object requires: Permission denied
/etc/init.d/oracle: line 42: [: 10: unary operator expected
Starting Oracle Net Listener ... [  OK  ]
Starting Oracle DB instance "rhnsat" ... [  OK  ]

Version-Release number of selected component (if applicable):
Satellite-5.4.0-RHEL5-re20100817.0

How reproducible:
always

Steps to Reproduce:
1. ./install.pl
2.
3.
  
Actual results:
avc denials

Expected results:
none (avc denial)

Additional info:

Comment 1 Šimon Lukašík 2010-08-17 16:00:21 UTC
Created attachment 439146 [details]
Avc denials

Comment 2 Šimon Lukašík 2010-08-17 16:02:22 UTC
Created attachment 439147 [details]
/var/log/rhn/install_db.log

Comment 4 Šimon Lukašík 2010-08-17 20:16:01 UTC
This is what I see in /var/log/messages during rhn-satellite restart:

Aug 17 16:11:52 hp-ml370g5-01 setroubleshoot: SELinux is preventing sqlplus (oracle_sqlplus_t) "execstack" to <Unknown> (oracle_sqlplus_t). For complete SELinux messages. run sealert -l c96aedbb-0d10-4631-bdae-0b2288d635d5

Comment 5 Milan Zázrivec 2010-08-20 13:14:52 UTC
thirdparty.git master: 842e58d9de8f7d9994507248061395ed40494e1d

Comment 6 Milan Zázrivec 2010-08-23 14:21:22 UTC
The fix mentioned above addresses only the problem occurring during
oracle-server start:

    avc:  denied  { execstack } for  comm="sqlplus"
    scontext=root:system_r:oracle_sqlplus_t:s0
    tcontext=root:system_r:oracle_sqlplus_t:s0

To address the avc: denied { search } denials, I created a clone #626420

Comment 8 Šimon Lukašík 2010-09-09 12:54:56 UTC
Changing to VERIFIED:

Testing procedure:
Automated Galatica installations. (For ex. j:17115). 

Verified against:
Satellite-5.4.0-RHEL5-re20100903.1 (embedded)

Comment 9 Miroslav Suchý 2010-10-22 12:23:13 UTC
pass beaker test (j:25547)

Comment 10 Clifford Perry 2010-10-28 14:54:39 UTC
The 5.4.0 RHN Satellite and RHN Proxy release has occurred. This issue has been resolved with this release. 


RHEA-2010:0801 - RHN Satellite Server 5.4.0 Upgrade
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10332

RHEA-2010:0803 - RHN Tools enhancement update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10333

RHEA-2010:0802 - RHN Proxy Server 5.4.0 bug fix update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10334

RHEA-2010:0800 - RHN Satellite Server 5.4.0
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10335

Docs are available:

http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/index.html 

Regards,
Clifford