Description of problem: Version-Release number of selected component (if applicable): satellite-schema-5.3.0.23-1.el4sat spacewalk-backend-0.5.28-59.1.el4sat selinux-policy-targeted-1.17.30-2.152.el4 How reproducible: always Steps to Reproduce: 1. Install satellite 530 on latest rhel4 2. 3. Actual results: audit(1291623873.436:3): avc: denied { read } for pid=13117 comm="httpd" name="[117497]" dev=pipefs ino=117497 scontext=root:system_r:httpd_t tcontext=root:system_r:unconfined_t tclass=fifo_file audit(1291623874.455:4): avc: denied { ioctl } for pid=13117 comm="httpd" name="[117497]" dev=pipefs ino=117497 scontext=root:system_r:httpd_t tcontext=root:system_r:unconfined_t tclass=fifo_file audit(1291623874.793:5): avc: denied { write } for pid=13117 comm="httpd" name="jk-runtime-status.13117" dev=dm-0 ino=5620748 scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t tclass=file audit(1291623874.960:6): avc: denied { unlink } for pid=13117 comm="httpd" name="jk-runtime-status.13117.lock" dev=dm-0 ino=5620749 scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t tclass=file audit(1291623875.290:7): avc: denied { execute } for pid=13137 comm="httpd" name="satidmap.pl" dev=dm-0 ino=1805552 scontext=root:system_r:httpd_t tcontext=system_u:object_r:etc_t tclass=file audit(1291623875.308:8): avc: denied { execute_no_trans } for pid=13137 comm="httpd" name="satidmap.pl" dev=dm-0 ino=1805552 scontext=root:system_r:httpd_t tcontext=system_u:object_r:etc_t tclass=file Expected results: Additional info: This problem affects only Satellites 530 on RHEL4
Taking.
Šimon, any SELinux features are only supported on RHEL 5+. On RHEL 4, there are and there will be AVC denials because we do not ship any policy there, we never addressed them on RHEL 4. I'm going to WONTFIX this bugzilla now, reopen if you disagree.