This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 855885 - Clearing the rhn-proxy auth cache by removing folder /var/cache/rhn/proxy-auth on EL5 is not un option.
Clearing the rhn-proxy auth cache by removing folder /var/cache/rhn/proxy-au...
Status: CLOSED NOTABUG
Product: Red Hat Satellite Proxy 5
Classification: Red Hat
Component: Server (Show other bugs)
550
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Michael Mráka
Red Hat Satellite QA List
:
Depends On:
Blocks: 819027
  Show dependency treegraph
 
Reported: 2012-09-10 10:12 EDT by Dimitar Yordanov
Modified: 2012-11-27 08:34 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-11-21 05:09:55 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Dimitar Yordanov 2012-09-10 10:12:42 EDT
Description of problem:
In case  /var/cache/rhn/proxy-auth is removed on EL5 the rhn-proxy is not able to create it again due to SElinux denial. This cause that rhn-proxy can not save its authentication token.

Easy workaround:

mkdir /var/cache/rhn/proxy-auth
chown apache:root /var/cache/rhn/proxy-auth
restorecon /var/cache/rhn/proxy-auth


Version-Release number of selected component (if applicable):
RHN-Proxy EL5 [5.4|5.5]

How reproducible:
100%

Steps to Reproduce:
1. Install RHN-Proxy on EL5 and activate it to Satellite.
2. Register a system to the RHN-Proxy (should pass).
3. Remove /var/cache/rhn/proxy-auth  on the system where RHN-Proxy runs.

  rm -fr /var/cache/rhn/proxy-auth

4. Try to register some system to RHN-Proxy once again (should fail).

Actual results:

type=AVC msg=audit(1347285180.433:221): avc:  denied  { write } for  pid=17915 comm="httpd" name="rhn" dev=dm-0 ino=77889933 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1347285180.433:221): avc:  denied  { add_name } for  pid=17915 comm="httpd" name="proxy-auth" scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1347285180.433:221): avc:  denied  { create } for  pid=17915 comm="httpd" name="proxy-auth" scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1347285180.433:221): arch=c000003e syscall=83 success=yes exit=0 a0=2b484c46f9d0 a1=1ed a2=2b4847e7a438 a3=2 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1347285180.433:222): avc:  denied  { setattr } for  pid=17915 comm="httpd" name="proxy-auth" dev=dm-0 ino=77955440 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1347285180.433:222): arch=c000003e syscall=92 success=no exit=-1 a0=2b484c46f9d0 a1=30 a2=0 a3=2 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1347285180.433:223): avc:  denied  { write } for  pid=17915 comm="httpd" name="proxy-auth" dev=dm-0 ino=77955440 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1347285180.433:223): avc:  denied  { add_name } for  pid=17915 comm="httpd" name="p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1347285180.433:223): avc:  denied  { create } for  pid=17915 comm="httpd" name="p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1347285180.433:223): arch=c000003e syscall=2 success=yes exit=18 a0=2b484ca6f000 a1=c1 a2=1a4 a3=6637343936376462 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1347285180.433:224): avc:  denied  { getattr } for  pid=17915 comm="httpd" path="/var/cache/rhn/proxy-auth/p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" dev=dm-0 ino=77955441 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1347285180.433:224): arch=c000003e syscall=4 success=yes exit=0 a0=2b484ca5dc70 a1=7fff1f41cb30 a2=7fff1f41cb30 a3=6637343936376462 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1347285180.433:225): avc:  denied  { lock } for  pid=17915 comm="httpd" path="/var/cache/rhn/proxy-auth/p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" dev=dm-0 ino=77955441 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1347285180.433:225): arch=c000003e syscall=72 success=yes exit=0 a0=12 a1=7 a2=7fff1f41cc90 a3=2b484c4a8428 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1347285180.433:226): avc:  denied  { write } for  pid=17915 comm="httpd" path="/var/cache/rhn/proxy-auth/p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" dev=dm-0 ino=77955441 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1347285180.433:226): arch=c000003e syscall=1 success=yes exit=104 a0=12 a1=2b484f4dc000 a2=68 a3=6f632e7461686465 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1347285187.253:227): avc:  denied  { read } for  pid=17918 comm="httpd" name="p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" dev=dm-0 ino=77955441 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1347285187.253:227): arch=c000003e syscall=21 success=yes exit=0 a0=2b484895b910 a1=4 a2=2b4847e7a438 a3=6637343936376462 items=0 ppid=17876 pid=17918 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)

Exception Handler Information
Traceback (most recent call last):
  File "/usr/share/rhn/proxy/rhnProxyAuth.py", line 149, in set_cached_token
    shelf[self.__cache_proxy_key()] = token
  File "/usr/share/rhn/proxy/rhnProxyAuth.py", line 399, in __setitem__
    return rhnCache.set(rkey, val)
  File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 85, in set
    cache.set(name, value, modified, user, group, mode)
  File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 373, in set
    self.cache.set(name, pickled, modified, user, group, mode)
  File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 259, in set
    fd = self.set_file(name, modified, user, group, mode)
  File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 296, in set_file
    fd = WriteLockedFile(name, modified, user, group, mode)
  File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 184, in __init__
    self.fd = self.get_fd(name, user, group, mode)
  File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 229, in get_fd
    fd = _safe_create(self.fname, user, group, mode)
  File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 136, in _safe_create
    makedirs(dirname, mode, user, group)
  File "/usr/lib/python2.4/site-packages/spacewalk/common/fileutils.py", line 253, in makedirs
    os.mkdir(dirname, mode)
OSError: [Errno 13] Permission denied: '/var/cache/rhn/proxy-auth'

Expected results:
/var/cache/rhn/proxy-auth  is recreated as it is on EL6.



#ll -Z /var/cache/rhn/proxy-auth/
-rw-r--r--  apache apache root:object_r:spacewalk_proxy_cache_t 1000010028
-rw-r--r--  apache apache root:object_r:spacewalk_proxy_cache_t p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e
# ll -Zd /var/cache/rhn/proxy-auth/
drwxr-x---  apache root system_u:object_r:spacewalk_proxy_cache_t /var/cache/rhn/proxy-auth/
# ll -Zd /var/cache/rhn
drwxr-x---  apache root system_u:object_r:var_t          /var/cache/rhn

Additional info:

Note You need to log in before you can comment on or make changes to this bug.