Hi,
I believe that it would be easier if you attach the update log. You
can use `yum history` for that purpose.
First solution:
This is a lucky guess, but selinux-policy* was probably updated,
you can always try downgrading.
Second solution:
Note that the solution below is quite brute-force :)
Install setroubleshoot-server.
`sealert -a /var/log/audit/audit.log` would give you a recipe for
a new SELinux policy.
As said before - it's not the best solution (you will probably
need to repeat sealert).
I know that both of them are much more like hot patching instead
of resolving the root cause, but this is what comes to my mind.
Bests,
Alex
On 01/02/2018 10:40 AM, Olli Rajala wrote:
Hi,
We had working PAM authentication in our Spacewalk 2.6
running on CentOS 7.4.1708, and it was updated + rebooted
today. After some update during autumn PAM authentication
stopped working. Unfortunately I can't be more specific. I
know when it worked (24.7.2017), but not when it stopped.
Another instance of Spacewalk 2.6 on CentOS 6.9 seems to
work just fine, so this is related to CentOS 7.
The issue is the same as described in this post: https://www.redhat.com/archives/spacewalk-list/2017-September/msg00007.html
Raw Audit Messages
type=AVC msg=audit(1514881078.526:6091): avc: denied { create } for pid=1037 comm="java" scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:system_r:tomcat_t:s0 tclass=netlink_audit_socket
SELinux is preventing /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el7_4.x86_64/jre/bin/java from getattr access on the directory /var/log/rhn.
$ rpm -qa | grep spacewalk-selinux
spacewalk-selinux-2.3.2-1.el7.noarch
Any ideas? Disabling SELinux is not a possibility.
Luckily we can login with local accounts, but would prefer PAM
authentication.
BR,
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
--
Aleksander Baranowski
System Engineer / DevOps
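
An added example, not part of the original thread or of setroubleshoot: Python that groups AVC denials from audit-log text by source type, target type and class, and renders each group as a candidate allow rule to review before loading any generated policy. The first sample record is the denial quoted in the thread; the second record, its `example_log_t` type and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input. Record 1 is the denial quoted in the thread;
# record 2 (with the placeholder type example_log_t) and record 3 are made up.
SAMPLE_LOG = """\
type=AVC msg=audit(1514881078.526:6091): avc: denied { create } for pid=1037 comm="java" scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:system_r:tomcat_t:s0 tclass=netlink_audit_socket
type=AVC msg=audit(1514881079.100:6092): avc: denied { getattr } for pid=1037 comm="java" path="/var/log/rhn" scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:example_log_t:s0 tclass=dir
type=USER_AUTH msg=audit(1514881080.000:6093): pid=1037 uid=0 msg='op=PAM:authentication res=failed'
"""

AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    # A context is user:role:type:level; the policy rule is written on the type.
    return context.split(":")[2]

def summarize_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # skip records that are not AVC denials
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        denials[key].update(m["perms"].split())
    return dict(denials)

def candidate_rules(denials):
    """Render each group as a type-enforcement rule for a human to review."""
    rules = []
    for (src, tgt, tclass), perms in sorted(denials.items()):
        target = "self" if src == tgt else tgt
        names = sorted(perms)
        perm_str = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {target}:{tclass} {perm_str};")
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(summarize_denials(SAMPLE_LOG)):
        print(rule)
```

Because enforcing mode stops the process at the first denial, a later run can surface further denials, which is why the log may need to be re-examined after each policy change.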