On Tue, Dec 01, 2009 at 09:47:29PM +0100, George wrote:
> Making a backup of spacewalk database:
>
> environment: centos 5.3 running spacewalk 0.6 (according to
> /etc/spacewalk-release: spacewalk release 0.6.4 (Alpha))
[...]
> When trying to run backup script:
> $
> /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/config/scripts/backup.sh
[...]
> which translates into:
>
> #============= oracle_db_t ==============
> allow oracle_db_t sbin_t:dir { search getattr };
> allow oracle_db_t tmp_t:file { read write ioctl };
> allow oracle_db_t unconfined_t:process signull;
>
> #============= oracle_sqlplus_t ==============
> allow oracle_sqlplus_t httpd_sys_content_t:dir search;
> allow oracle_sqlplus_t sbin_t:dir { search getattr };
> allow oracle_sqlplus_t tmp_t:file write;
>
>
> at this time ofcourse my backup worked ...
> anyone can check these findings and confirm?
George,
with the following packages
oracle-instantclient-sqlplus-selinux-10.2-17.el5
oracle-nofcontext-selinux-0.1-23.13.el5
oracle-instantclient-selinux-10.2-17.el5
oracle-xe-selinux-10.2-15.el5
from Spacewalk 0.7, none of the above happens, so I assume we've fixed
it for 0.7.
> also a note:
> I see a lot of selinux messages like described (and probably patched) on
> this page:
> http://git.fedorahosted.org/git/?p=spacewalk.git;a=commitdiff;h=f73e3d94c589a634a972ac1d86583d5a34635836
Yes, I do see
allow oracle_db_t self:process ptrace;
allow oracle_db_t unconfined_t:process signull;
issues on my system, even if the ptrace is allowed in the policy module.
I'll try to investigated.
Luckily, these do not seem to affect the backup operation.
Yours,
--
Jan Pazdziora
Principal Software Engineer, Satellite Engineering, Red Hat
_______________________________________________
Spacewalk-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-devel
