Unfortunately this for us is not the cause : we have SELinux running in permissive mode thus it can't be blocking anything.
Also your audit2allow command did not find anything Regards Jan-Albert Jan-Albert van Ree | Linux System Administrator | MARIN Support Group MARIN | T +31 317 49 35 48 | j.a.v....@marin.nl<mailto:j.a.v....@marin.nl> | www.marin.nl<http://www.marin.nl> [LinkedIn]<https://www.linkedin.com/company/marin> [YouTube] <http://www.youtube.com/marinmultimedia> [Twitter] <https://twitter.com/MARIN_nieuws> [Facebook] <https://www.facebook.com/marin.wageningen> MARIN news: Verification and validation study of CFD simulations for the flow around a tug<http://www.marin.nl/web/News/News-items/Verification-and-validation-study-of-CFD-simulations-for-the-flow-around-a-tug.htm> ________________________________ From: spacewalk-list-boun...@redhat.com <spacewalk-list-boun...@redhat.com> on behalf of Bruce Wainer <br...@brucewainer.com> Sent: Friday, October 20, 2017 07:47 To: spacewalk-list@redhat.com Subject: Re: [Spacewalk-list] 2.7 Schedule issue I fixed the issue I was having via reviewing the SELinux log and using audit2allow to make a new SELinux policy (Section 7 of https://wiki.centos.org/HowTos/SELinux ). It appears that the 2.6 -> 2.7 upgrade process didn't get everything set properly. (This Tomcat install is also running Unimus, which was also facing some SELinux issues, so I don't know for sure which of these rules were due to Spacewalk and which are due to Unimus. It probably wasn't recommended to drop the Unimus WAR into the Spacewalk Tomcat install, but so far I've had no issues other than the Spacewalk Tomcat config only listens on localhost for port 8080) ~]# grep comm=\"java\" /var/log/audit/audit.log | grep type=AVC | audit2allow -m tomcat2 > tomcat2.te ~]# cat tomcat2.te module tomcat2 1.0; require { type var_log_t; type tomcat_t; type spacewalk_data_t; type smtp_port_t; type var_run_t; type etc_t; type spacewalk_log_t; class tcp_socket name_connect; class dir { add_name getattr remove_name search write }; class file { append create open read rename unlink write }; } #============= tomcat_t ============== allow tomcat_t etc_t:dir { add_name remove_name write }; allow tomcat_t etc_t:file rename; allow tomcat_t etc_t:file { append create unlink write }; allow tomcat_t smtp_port_t:tcp_socket name_connect; allow tomcat_t spacewalk_data_t:dir search; allow tomcat_t spacewalk_log_t:dir { getattr search }; allow tomcat_t spacewalk_log_t:file { open read }; allow tomcat_t var_log_t:file open; allow tomcat_t var_run_t:file read; ~]# grep comm=\"java\" /var/log/audit/audit.log | grep type=AVC | audit2allow -M tomcat2 ~]# semodule -i tomcat2.pp ~]#systemctl restart tomcat Hopefully this helps some people out, and the devs can look at these and see what needs to be added to the upgrade process. Bruce Wainer On Thu, Oct 19, 2017 at 10:34 AM, Bruce Wainer <br...@brucewainer.com<mailto:br...@brucewainer.com>> wrote: I’m experiencing the same after upgrading, except for me it is on the “Repositories > Sync” page for every software channel. Where/how do I get the traceback? And if it is an ACL issue, how do I go about fixing it? This system is stock CentOS and I have only ever followed the instructions for installing SpaceWalk on it. Bruce On Oct 17, 2017, at 4:36 PM, Wood, Brendan <brendan.w...@mercy.net<mailto:brendan.w...@mercy.net>> wrote: (Just upgraded to 2.7 from 2.6) Via the web interface, looking at the Schedule tab, I can open the Pending/Failed/Completed/etc Actions pages, but if I try to click on any of the actions that are pending/failed/completed I get an “Internal server error” and the traceback sent to me read: Attribute Names = rhnActiveLang, org.apache.struts.action.MESSAGE, org.apache.struts.action.mapping.instance, requestedUri, session, javax.servlet.request.key_size, org.apache.struts.action.MODULE, org.apache.struts.globals.ORIGINAL_URI_KEY, actionname, javax.servlet.request.cipher_suite, javax.servlet.jsp.jstl.fmt.timeZone.request, action, pageList, user, User Information: User admin (id 1, org_id 1) Exception: javax.servlet.ServletException: javax.servlet.jsp.JspException: Error writing to JSP file: at org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:858) at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:791) at org.apache.jsp.WEB_002dINF.pages.schedule.completedsystems_jsp._jspService(Unknown Source) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302) at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1083) at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:396) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:232) at com.redhat.rhn.frontend.struts.RhnRequestProcessor.process(RhnRequestProcessor.java:105) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1926) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:451) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.AuthFilter.doFilter(AuthFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129) at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.LocalizedEnvironmentFilter.doFilter(LocalizedEnvironmentFilter.java:67) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.EnvironmentFilter.doFilter(EnvironmentFilter.java:101) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.SessionFilter.doFilter(SessionFilter.java:57) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:97) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:299) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:748) Caused by: com.redhat.rhn.common.MethodInvocationException: IllegalInvocationException calling aclGenericActionType ("generic_action_type(remove)"): null at com.redhat.rhn.common.security.acl.Acl.evalAcl(Acl.java:491) at com.redhat.rhn.frontend.nav.AclGuard.canRender(AclGuard.java:69) at com.redhat.rhn.frontend.nav.RenderGuardComposite.canRender(RenderGuardComposite.java:49) at com.redhat.rhn.frontend.nav.Renderable.canRender(Renderable.java:126) at com.redhat.rhn.frontend.nav.DialognavRenderer.navNodeInactive(DialognavRenderer.java:102) at com.redhat.rhn.frontend.nav.RenderEngine.renderLevel(RenderEngine.java:96) at com.redhat.rhn.frontend.nav.RenderEngine.render(RenderEngine.java:58) at com.redhat.rhn.frontend.taglibs.helpers.RenderUtils.render(RenderUtils.java:148) at com.redhat.rhn.frontend.taglibs.helpers.RenderUtils.renderNavigationMenu(RenderUtils.java:132) at com.redhat.rhn.frontend.taglibs.helpers.RenderUtils.renderNavigationMenu(RenderUtils.java:73) at com.redhat.rhn.frontend.taglibs.NavMenuTag.doStartTag(NavMenuTag.java:52) at org.apache.jsp.WEB_002dINF.pages.schedule.completedsystems_jsp._jspx_meth_rhn_005fdialogmenu_005f0(Unknown Source) ... 51 more Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.redhat.rhn.common.security.acl.Acl.evalAcl(Acl.java:469) ... 62 more Caused by: org.hibernate.LazyInitializationException: could not initialize proxy - no Session at org.hibernate.proxy.AbstractLazyInitializer.initialize(AbstractLazyInitializer.java:167) at org.hibernate.proxy.AbstractLazyInitializer.getImplementation(AbstractLazyInitializer.java:215) at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:190) at com.redhat.rhn.domain.action.ActionType_$$_javassist_133.equals(ActionType_$$_javassist_133.java) at com.redhat.rhn.domain.action.ActionFactory.checkActionArchType(ActionFactory.java:602) at com.redhat.rhn.common.security.acl.action.ActionAclHandler.aclGenericActionType(ActionAclHandler.java:52) ... 67 more Anyone have any ideas how to fix this? This electronic mail and any attached documents are intended solely for the named addressee(s) and contain confidential information. If you are not an addressee, or responsible for delivering this email to an addressee, you have received this email in error and are notified that reading, copying, or disclosing this email is prohibited. If you received this email in error, immediately reply to the sender and delete the message completely from your computer system. _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com<mailto:Spacewalk-list@redhat.com> https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
