Olli Rajala: > Hi, > We had working PAM authentication in our Spacewalk 2.6 running on CentOS > 7.4.1708, and it was updated + rebooted today. After some update during > autumn PAM authentication stopped working. Unfortunately I can't be more > specific. I know when it worked (24.7.2017), but not when it stopped. > Another instance of Spacewalk 2.6 on CentOS 6.9 seems to work just fine, so > this is related to CentOS 7. > > The issue is the same as described in this post: > https://www.redhat.com/archives/spacewalk-list/2017-September/msg00007.html > > Raw Audit Messages > type=AVC msg=audit(1514881078.526:6091): avc: denied { create } for > pid=1037 comm="java" scontext=system_u:system_r:tomcat_t:s0 > tcontext=system_u:system_r:tomcat_t:s0 tclass=netlink_audit_socket > > SELinux is preventing > /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el7_4.x86_64/jre/bin/java > from getattr access on the direry /var/log/rhn. > > $ rpm -qa | grep spacewalk-selinux > spacewalk-selinux-2.3.2-1.el7.noarch > > Any ideas? Disabling SELinux is not a possibility.
Hello Olli, This issue has been already fixed in Spacewalk 2.7 (together with number of other tomcat_t issues). Is there a specific reason why you are usingolder (and unsupported) version? > Luckily we can login with local accounts, but would prefer PAM > authentication. > > BR, > -- > Olli Rajala > Finland Regards, -- Michael Mráka System Management Engineering, Red Hat _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
