Scratch that last post.  :)

I think I'm mistaken, and the setting WILL persist across reboots ...

Andy

From: Andy Ingham <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Thursday, November 13, 2014 at 1:38 PM
To: "[email protected]" <[email protected]>
Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode

This is a fine workaround EXCEPT be aware that it does NOT persist across 
reboots.

That is, you'll have to re-run the command after every reboot.  (I'm hoping 
someone can indicate that I'm wrong on this, but I don't see a "persistent" 
option for that command).

Andy

From: ndegz <[email protected]>
Reply-To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]>
Date: Friday, November 7, 2014 at 3:18 PM
To: "[email protected]" <[email protected]>
Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 clients that have SELinux in enforcing mode

Ran into the same issue and found this blog post:
"Short tip: osad: Unable to connect to the host and port specified (EL6.6 + EL7)" <http://blog.christian-stankowic.de/?p=6341&lang=en>

semanage permissive -a osad_t




On Thu, Nov 6, 2014 at 12:59 PM, Kevin Sandy <[email protected]> wrote:
I've been seeing this as well.  Clients are on CentOS 6.6 with Spacewalk 2.2.  
I've had to put SELinux in permissive mode for now.


-- kevin



On Nov 6, 2014, at 12:48 PM, Andy Ingham <[email protected]> wrote:

Ever since updating from CentOS 6.5 > 6.6, my servers (which are all at
spacewalk client version 2.1) are showing:


+++++++++++++++++++++++++
SELinux is preventing /usr/bin/python from name_connect access on the
tcp_socket .

*****  Plugin catchall (100. confidence) suggests
***************************

If you believe that python should be allowed name_connect access on the
tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep osad /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
+++++++++++++++++++++++++





And FWIW, attempting to mitigate by adding a local policy (as the above
notice instructs) ALSO FAILS:

[root@HOSTNAME local_policy]# semodule -i osad.pp
libsepol.print_missing_requirements: osad's global requirements were not
met: type/attribute osad_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
directory).
semodule:  Failed!





Is this a known issue?


Andy

Andy Ingham
IT Infrastructure
Fuqua School of Business
Duke University






_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
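
Added example, not part of the original thread: the sealert text quoted above names only "name_connect on tcp_socket", so before choosing between a permissive osad_t domain and a local module it helps to summarise the raw AVC records for that domain and see exactly which permissions, object classes, target types and ports are being denied. The function name `summarize_avc` and the sample records are constructed for illustration; they are not taken from the posters' systems.

```shell
#!/bin/sh
# Added example (not from the thread): summarise AVC denials for one SELinux
# domain so you can see what a permissive domain or local module would allow.

# Constructed sample audit records; PIDs, timestamps, ports and target types
# are illustrative, not taken from the thread.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1415300000.101:201): avc:  denied  { name_connect } for  pid=2101 comm="python" dest=5222 scontext=system_u:system_r:osad_t:s0 tcontext=system_u:object_r:jabber_client_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1415300000.101:201): arch=c000003e syscall=42 success=no exit=-13 comm="python" exe="/usr/bin/python"
type=AVC msg=audit(1415300060.202:215): avc:  denied  { name_connect } for  pid=2101 comm="python" dest=5222 scontext=system_u:system_r:osad_t:s0 tcontext=system_u:object_r:jabber_client_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1415300090.303:230): avc:  denied  { read write } for  pid=2101 comm="python" name="example.tmp" scontext=system_u:system_r:osad_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1415300120.404:244): avc:  denied  { name_bind } for  pid=3300 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
EOF
}

# summarize_avc DOMAIN: read audit records on stdin and print one line per
# distinct denial for DOMAIN: "count perms tclass target_type dest_port".
summarize_avc() {
    awk -v dom="$1" '
    $1 == "type=AVC" && /denied/ {
        perm = ""; tclass = ""; ttype = ""; port = "-"; sdom = ""
        # The denied permission set sits between "{ " and " }".
        if (match($0, /[{] [^}]* [}]/))
            perm = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)      { split($i, c, ":"); sdom = c[3] }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            else if ($i ~ /^tclass=/)   tclass = substr($i, 8)
            else if ($i ~ /^dest=/)     port = substr($i, 6)
        }
        # Only count denials whose source domain is the one being triaged.
        if (sdom == dom) {
            gsub(/ /, ",", perm)
            seen[perm " " tclass " " ttype " " port]++
        }
    }
    END { for (k in seen) print seen[k], k }' | sort
}

# Stand-alone demonstration on the constructed records.
sample_log | summarize_avc osad_t
```

On a real client, feed it the same file the sealert message greps, for example `summarize_avc osad_t < /var/log/audit/audit.log`.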

