Found a public bug report, not sure much attention 'medium' severity gets? https://bugzilla.redhat.com/show_bug.cgi?id=1161288
On 14/11/2014 15:15, Stuart Green wrote: > > Many thanks for highlighting the work around, bit of a nightmare bug > this when the client boxes are not remote executable! > > I assume if satellite support are working on it, theres a internal > redhat internal view only bug? > > On 13/11/2014 18:59, Andy Ingham wrote: >> Scratch that last post. :) >> >> I think I'm mistaken, and the setting WILL persist across reboots ... >> >> Andy >> >> From: Andy Ingham <[email protected]<mailto:[email protected]>> >> Reply-To: "[email protected]<mailto:[email protected]>" >> <[email protected]<mailto:[email protected]>> >> Date: Thursday, November 13, 2014 at 1:38 PM >> To: "[email protected]<mailto:[email protected]>" >> <[email protected]<mailto:[email protected]>> >> Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 >> clients that have SELinux in enforcing mode >> >> This is a fine workaround EXCEPT be aware that it does NOT persist across >> reboots. >> >> That is, you'll have to re-run the command after every reboot. (I'm hoping >> someone can indicate that I'm wrong on this, but I don't see a "persistent" >> option for that command). >> >> Andy >> >> From: ndegz <[email protected]<mailto:[email protected]>> >> Reply-To: "[email protected]<mailto:[email protected]>" >> <[email protected]<mailto:[email protected]>>, >> "[email protected]<mailto:[email protected]>" >> <[email protected]<mailto:[email protected]>> >> Date: Friday, November 7, 2014 at 3:18 PM >> To: "[email protected]<mailto:[email protected]>" >> <[email protected]<mailto:[email protected]>> >> Subject: Re: [Spacewalk-list] CentOS 6.6 upgrade breaks osad on SW 2.1 >> clients that have SELinux in enforcing mode >> >> Ran into the same issue and found this blog post >> Short tip: osad: Unable to connect to the host and port specified (EL6.6 + >> EL7)<http://blog.christian-stankowic.de/?p=6341&lang=en> >> >> semanage permissive -a osad_t >> >> >> >> >> On Thu, Nov 6, 2014 at 12:59 PM, Kevin Sandy >> <[email protected]<mailto:[email protected]>> wrote: >> I've been seeing this as well. Clients are on CentOS 6.6 with Spacewalk >> 2.2. I've had to put SELinux in permissive mode for now. >> >> >> -- kevin >> >> >> >> On Nov 6, 2014, at 12:48 PM, Andy Ingham >> <[email protected]<mailto:[email protected]>> wrote: >> >> Ever since updating from CentOS 6.5 > 6.6, my servers (which are all at >> spacewalk client version 2.1) are showing: >> >> >> +++++++++++++++++++++++++ >> SELinux is preventing /usr/bin/python from name_connect access on the >> tcp_socket . >> >> ***** Plugin catchall (100. confidence) suggests >> *************************** >> >> If you believe that python should be allowed name_connect access on the >> tcp_socket by default. >> Then you should report this as a bug. >> You can generate a local policy module to allow this access. >> Do >> allow this access for now by executing: >> # grep osad /var/log/audit/audit.log | audit2allow -M mypol >> # semodule -i mypol.pp >> +++++++++++++++++++++++++ >> >> >> >> >> >> And FWIW, attempting to mitigate by adding a local policy (as the above >> notice instructs) ALSO FAILS: >> >> [root@HOSTNAME local_policy]# semodule -i osad.pp >> libsepol.print_missing_requirements: osad's global requirements were not >> met: type/attribute osad_t (No such file or directory). >> libsemanage.semanage_link_sandbox: Link packages failed (No such file or >> directory). >> semodule: Failed! >> >> >> >> >> >> Is this a known issue? >> >> >> Andy >> >> Andy Ingham >> IT Infrastructure >> Fuqua School of Business >> Duke University >> >> >> >> >> >> >> _______________________________________________ >> Spacewalk-list mailing list >> [email protected]<mailto:[email protected]> >> https://www.redhat.com/mailman/listinfo/spacewalk-list >> >> >> _______________________________________________ >> Spacewalk-list mailing list >> [email protected]<mailto:[email protected]> >> https://www.redhat.com/mailman/listinfo/spacewalk-list >> >> >> >> >> _______________________________________________ >> Spacewalk-list mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/spacewalk-list >> >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
