Description of problem: In case /var/cache/rhn/proxy-auth is removed on EL5 the rhn-proxy is not able to create it again due to SElinux denial. This cause that rhn-proxy can not save its authentication token. Easy workaround: mkdir /var/cache/rhn/proxy-auth chown apache:root /var/cache/rhn/proxy-auth restorecon /var/cache/rhn/proxy-auth Version-Release number of selected component (if applicable): RHN-Proxy EL5 [5.4|5.5] How reproducible: 100% Steps to Reproduce: 1. Install RHN-Proxy on EL5 and activate it to Satellite. 2. Register a system to the RHN-Proxy (should pass). 3. Remove /var/cache/rhn/proxy-auth on the system where RHN-Proxy runs. rm -fr /var/cache/rhn/proxy-auth 4. Try to register some system to RHN-Proxy once again (should fail). Actual results: type=AVC msg=audit(1347285180.433:221): avc: denied { write } for pid=17915 comm="httpd" name="rhn" dev=dm-0 ino=77889933 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir type=AVC msg=audit(1347285180.433:221): avc: denied { add_name } for pid=17915 comm="httpd" name="proxy-auth" scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir type=AVC msg=audit(1347285180.433:221): avc: denied { create } for pid=17915 comm="httpd" name="proxy-auth" scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=dir type=SYSCALL msg=audit(1347285180.433:221): arch=c000003e syscall=83 success=yes exit=0 a0=2b484c46f9d0 a1=1ed a2=2b4847e7a438 a3=2 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1347285180.433:222): avc: denied { setattr } for pid=17915 comm="httpd" name="proxy-auth" dev=dm-0 ino=77955440 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=dir type=SYSCALL msg=audit(1347285180.433:222): arch=c000003e syscall=92 success=no exit=-1 a0=2b484c46f9d0 a1=30 a2=0 a3=2 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1347285180.433:223): avc: denied { write } for pid=17915 comm="httpd" name="proxy-auth" dev=dm-0 ino=77955440 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=dir type=AVC msg=audit(1347285180.433:223): avc: denied { add_name } for pid=17915 comm="httpd" name="p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=dir type=AVC msg=audit(1347285180.433:223): avc: denied { create } for pid=17915 comm="httpd" name="p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1347285180.433:223): arch=c000003e syscall=2 success=yes exit=18 a0=2b484ca6f000 a1=c1 a2=1a4 a3=6637343936376462 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1347285180.433:224): avc: denied { getattr } for pid=17915 comm="httpd" path="/var/cache/rhn/proxy-auth/p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" dev=dm-0 ino=77955441 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1347285180.433:224): arch=c000003e syscall=4 success=yes exit=0 a0=2b484ca5dc70 a1=7fff1f41cb30 a2=7fff1f41cb30 a3=6637343936376462 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1347285180.433:225): avc: denied { lock } for pid=17915 comm="httpd" path="/var/cache/rhn/proxy-auth/p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" dev=dm-0 ino=77955441 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1347285180.433:225): arch=c000003e syscall=72 success=yes exit=0 a0=12 a1=7 a2=7fff1f41cc90 a3=2b484c4a8428 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1347285180.433:226): avc: denied { write } for pid=17915 comm="httpd" path="/var/cache/rhn/proxy-auth/p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" dev=dm-0 ino=77955441 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1347285180.433:226): arch=c000003e syscall=1 success=yes exit=104 a0=12 a1=2b484f4dc000 a2=68 a3=6f632e7461686465 items=0 ppid=17876 pid=17915 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1347285187.253:227): avc: denied { read } for pid=17918 comm="httpd" name="p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e" dev=dm-0 ino=77955441 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1347285187.253:227): arch=c000003e syscall=21 success=yes exit=0 a0=2b484895b910 a1=4 a2=2b4847e7a438 a3=6637343936376462 items=0 ppid=17876 pid=17918 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null) Exception Handler Information Traceback (most recent call last): File "/usr/share/rhn/proxy/rhnProxyAuth.py", line 149, in set_cached_token shelf[self.__cache_proxy_key()] = token File "/usr/share/rhn/proxy/rhnProxyAuth.py", line 399, in __setitem__ return rhnCache.set(rkey, val) File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 85, in set cache.set(name, value, modified, user, group, mode) File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 373, in set self.cache.set(name, pickled, modified, user, group, mode) File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 259, in set fd = self.set_file(name, modified, user, group, mode) File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 296, in set_file fd = WriteLockedFile(name, modified, user, group, mode) File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 184, in __init__ self.fd = self.get_fd(name, user, group, mode) File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 229, in get_fd fd = _safe_create(self.fname, user, group, mode) File "/usr/lib/python2.4/site-packages/spacewalk/common/rhnCache.py", line 136, in _safe_create makedirs(dirname, mode, user, group) File "/usr/lib/python2.4/site-packages/spacewalk/common/fileutils.py", line 253, in makedirs os.mkdir(dirname, mode) OSError: [Errno 13] Permission denied: '/var/cache/rhn/proxy-auth' Expected results: /var/cache/rhn/proxy-auth is recreated as it is on EL6. #ll -Z /var/cache/rhn/proxy-auth/ -rw-r--r-- apache apache root:object_r:spacewalk_proxy_cache_t 1000010028 -rw-r--r-- apache apache root:object_r:spacewalk_proxy_cache_t p1000010027130841d37ca1c6d56dfc3a2bd76947f45711803e # ll -Zd /var/cache/rhn/proxy-auth/ drwxr-x--- apache root system_u:object_r:spacewalk_proxy_cache_t /var/cache/rhn/proxy-auth/ # ll -Zd /var/cache/rhn drwxr-x--- apache root system_u:object_r:var_t /var/cache/rhn Additional info: