Many thanks for highlighting the work around, bit of a nightmare bug this when the client boxes are not remote executable!
I assume if satellite support are working on it, theres a internal redhat internal view only bug? On 13/11/2014 18:59, Andy Ingham wrote: > Scratch that last post. :) > > I think I'm mistaken, and the setting WILL persist across reboots ... > > Andy > > From: Andy Ingham <[email protected]<mailto:[email protected]>> > Reply-To: "[email protected]<mailto:[email protected]>" > <[email protected]<mailto:[email protected]>> > Date: Thursday, November 13, 2014 at 1:38 PM > To: "[email protected]<mailto:[email protected]>" > <[email protected]<mailto:[email protected]>> > Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 > clients that have SELinux in enforcing mode > > This is a fine workaround EXCEPT be aware that it does NOT persist across > reboots. > > That is, you'll have to re-run the command after every reboot. (I'm hoping > someone can indicate that I'm wrong on this, but I don't see a "persistent" > option for that command). > > Andy > > From: ndegz <[email protected]<mailto:[email protected]>> > Reply-To: "[email protected]<mailto:[email protected]>" > <[email protected]<mailto:[email protected]>>, > "[email protected]<mailto:[email protected]>" > <[email protected]<mailto:[email protected]>> > Date: Friday, November 7, 2014 at 3:18 PM > To: "[email protected]<mailto:[email protected]>" > <[email protected]<mailto:[email protected]>> > Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 > clients that have SELinux in enforcing mode > > Ran into the same issue and found this blog post > Short tip: osad: Unable to connect to the host and port specified (EL6.6 + > EL7)<http://blog.christian-stankowic.de/?p=6341&lang=en> > > semanage permissive -a osad_t > > > > > On Thu, Nov 6, 2014 at 12:59 PM, Kevin Sandy > <[email protected]<mailto:[email protected]>> wrote: > I've been seeing this as well. Clients are on CentOS 6.6 with Spacewalk 2.2. > I've had to put SELinux in permissive mode for now. > > > -- kevin > > > > On Nov 6, 2014, at 12:48 PM, Andy Ingham > <[email protected]<mailto:[email protected]>> wrote: > > Ever since updating from CentOS 6.5 > 6.6, my servers (which are all at > spacewalk client version 2.1) are showing: > > > +++++++++++++++++++++++++ > SELinux is preventing /usr/bin/python from name_connect access on the > tcp_socket . > > ***** Plugin catchall (100. confidence) suggests > *************************** > > If you believe that python should be allowed name_connect access on the > tcp_socket by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep osad /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > +++++++++++++++++++++++++ > > > > > > And FWIW, attempting to mitigate by adding a local policy (as the above > notice instructs) ALSO FAILS: > > [root@HOSTNAME local_policy]# semodule -i osad.pp > libsepol.print_missing_requirements: osad's global requirements were not > met: type/attribute osad_t (No such file or directory). > libsemanage.semanage_link_sandbox: Link packages failed (No such file or > directory). > semodule: Failed! > > > > > > Is this a known issue? > > > Andy > > Andy Ingham > IT Infrastructure > Fuqua School of Business > Duke University > > > > > > > _______________________________________________ > Spacewalk-list mailing list > [email protected]<mailto:[email protected]> > https://www.redhat.com/mailman/listinfo/spacewalk-list > > > _______________________________________________ > Spacewalk-list mailing list > [email protected]<mailto:[email protected]> > https://www.redhat.com/mailman/listinfo/spacewalk-list > > > > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
