Description of problem: When rhnpush-ing packages to RHN Satellite 5.4.1 the error is generated to the /var/log/httpd/error_log. This is introduced by the change in selinux policy, which does no longer allow apache to look up /var/lib/rpm Version-Release number of selected component (if applicable): Satellite 5.4.1 on RHEL6.1 spacewalk-backend-1.2.13-44 selinux-policy-targeted-3.7.19-85 spacewalk-selinux-1.2.1-2 How reproducible: deterministic Steps to Reproduce: 1. watch /var/log/httpd/error_log 2. rhnpush some arbitrary package 3. Actual results: error: cannot open Packages database in /var/lib/rpm Expected results: No error during a package push. Additional info: This is a regression against RHN Satellite 5.4.0.
Dontaudited in SATELLITE-5.4, 909648368f86c2aaac879b75522362cafd7066a5.
Moving back to assigned: The bug description, says nothing about the auditing, but it mentioned the consequence of 909648368f86c2aaac879b75522362cafd7066a5, which is the error upper mentioned in the error_log. # rpm -q spacewalk-selinux spacewalk-selinux-1.2.1-2.el6sat.noarch # grep -lir 'error: cannot open Packages database in /var/lib/rpm' \ /var/log/httpd/* /var/log/httpd/error_log /var/log/httpd/error_log.4
Ahá.
Fixed in Spaceawlk master, cb1e1d3754c79ff4c7f71c5b9611608febb7e2c0. We now steer the rpm transaction to create a database in /var/cache/rhn/rhnpush-rpmdb if it so wishes to have one.
Cherry picked to SATELLITE-5.4: a2292b882de0589687183bab2b56cfd54634f294. Tagged and built as spacewalk-backend-1.2.13-50.
Changing to Verified: Testing procedure: After full automation on Satellite 5.4.1 there is no such error in /var/log/httpd/* Verified against: Satellite 5.4.1 re20110517.0 spacewalk-backend-1.2.13-50.el6sat.noarch
Verified in stage w/ spacewalk-backend-1.2.13-52 -> release pending.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. https://rhn.redhat.com/errata/RHEA-2011-0875.html