This article applies to BoKS Manager 7.0.0.

For BoKS Manager 6.7.0 and 6.7.1, see Hotfix: Support for BoKS SELinux policy via RPM (HFBM-0167).

Description

  1. The BoKS SELinux policy modules are now provided via the boks-selinux RPM. This RPM interferes with the SELinux policy modules shipping with BoKS 7.0.
  2. The suexec program fails to execute the target program because it tries to run it in the wrong SELinux domain.


Resolution / Workaround

To resolve these issues, first install the BoKS SELinux policy RPM for your Red Hat version from the HelpSystems Community Portal, then apply hotfix HFBM-0166, also available for download from the Community Portal.

  1. This hotfix removes the SELinux policy modules shipped with BoKS 7.0, and provides updated files that work with the new way of distributing the BoKS SELinux policy modules.
  2. The suexec program is updated to run the target program in the same domain as the user running suexec (typically this is unconfined_t).

Notes:

Installing this hotfix will remove the existing SELinux policy modules and the associated script "setup_selinux.sh". This hotfix, together with the RPM, replaces them.

If the hotfix is installed in the product before setup has been called, the following error message will be issued:

     sh: /opt/boksm/sbin/setup_selinux.sh: No such file or directory

The error is harmless and can be ignored as the missing utility script has been obsoleted by this hotfix.

The original SELinux policy modules, and the associated script "setup_selinux.sh", are restored when uninstalling this hotfix.

The SELinux policy RPMs are available for download on the HelpSystems Community Portal.



Last Modified On: July 10, 2018