The BoKS SELinux policy modules are now provided via the boks-selinux RPM. This RPM interferes with the SELinux policy modules shipping with previous hotfixes for BoKS 6.7.0, and the ones shipping with BoKS 6.7.1.
The suexec program fails to execute the target program because it tries to run it in the wrong SELinux domain.
Resolution / Workaround
To resolve this, download and install hotfix HFBM-0167, available from the HelpSystems Community Portal.
This hotfix provides updated files that work with the new way of distributing the BoKS SELinux policy modules. For BoKS 6.7.1 it removes the SELinux policy modules shipped with that release.
The suexec program is updated to run the target program in the same domain as the user running suexec (typically this is unconfined_t).
This hotfix replaces the following hotfixes: HFBM-0038, HFBM-0061, HFBM-0098
The boks-selinux RPM must be installed before installing this hotfix.
For BoKS 6.7.0, the hotfixes 0038, 0061 and 0098 must not be installed when installing this hotfix.
If the hotfix is installed in the product before setup has been called, the following error message will be issued:
sh: /opt/boksm/sbin/setup_selinux.sh: No such file or directory
The error is harmless and can be ignored as the missing utility script has been obsoleted by this hotfix.
The SELinux policy RPMs are available for download on the HelpSystems Community Portal.