7 Replies Latest reply on Mar 22, 2011 8:52 PM by Bill Robinson

    New requirement for RHEL5x64 RSCD agents?

    Matt Kreger

      My provisoning started screwing up when I dropped the 8.0.SP6 (8.0.622) version of the RHEL5x64 RSCD agent in my agent installers directory with the

      nsh-install-defaults file I've been using since BladeLogic 7.5.  I'd find the rscd agent unble to start with nothing in the logs.  So I installed it manually, and am now prompted with the following in the middle of the installation:


      The installer has detected SELinux set to enforcing on this machine. If you do not allow the installer to change the SELinux permissions, the application may not work correctly. The installer will atempt to run the following commands to change SELinux permissions:

      setsebool -P allow_execstack=1

      setsebool -P allow_execmod=1


      If I allow this, RSCD runs.  Now of course, I'm going to have to go off and have endless meetings with the people who certify our Linux configuration and security stance to discuss the implications of making this change, whether exceptions are possible and how to document them, etc., etc., ad nauseum....  which is all extremely annoying of course, and an enormous time waster, but completely par for the course with the way product releases seem to happen.  Why does every release seem to want to further weaken the security of my operating system?


      So I'm going to need to answer the following:


      1. why was this change made, and why is it required?

      2. which version of RSCD agent was the requirement introduced? (So I can go back to the one immediately preceeding it)

      3. assuming I could get an exception, what changes would I need to make to the nsh-install-defaults to pass a yes to this prompt?