On Sat, Nov 12, 2011 at 8:39 AM, Jörgen Maas <jorgen.m...@gmail.com> wrote:
> On Sat, Nov 12, 2011 at 2:51 PM, James Cammarata <j...@sngx.net> wrote:
> <snip>
>> or even better, audit2allow and update the selinux policy for
>> cobbler with a patch :)
>
> I can give it a try, I just can't figure out where the policy is
> defined in the cobbler repo???
> E.g. in what file?

Umm yeah I'm not sure :) I thought it was done in the spec but I'm
having trouble finding it myself.

I did enable selinux on my system, and I'm not having the issue you are:

# setenforce 1
# getenforce
Enforcing
# service cobblerd restart
Restarting cobblerd (via systemctl):                       [  OK  ]
# service cobblerd status
cobblerd.service - LSB: daemon for libvirt virtualization API
          Loaded: loaded (/etc/rc.d/init.d/cobblerd)
          Active: active (running) since Sat, 12 Nov 2011 08:50:09 -0600; 4s ago
         Process: 3534 ExecStop=/etc/rc.d/init.d/cobblerd stop (code=exited, status=0/SUCCESS)
         Process: 3544 ExecStart=/etc/rc.d/init.d/cobblerd start (code=exited, status=0/SUCCESS)
        Main PID: 3499 (code=killed, signal=TERM)
          CGroup: name=systemd:/system/cobblerd.service


This is F15. I'm getting a lot of OTHER AVCs, but nothing related to PAM:

#============= cobblerd_t ==============
allow cobblerd_t cobbler_tmp_t:file execute;
allow cobblerd_t self:capability { setuid audit_write };
allow cobblerd_t self:netlink_audit_socket { write nlmsg_relay create read };
allow cobblerd_t shadow_t:file { read getattr open };
allow cobblerd_t tmpfs_t:dir write;

#============= httpd_t ==============
allow httpd_t cobbler_port_t:tcp_socket name_connect; # there's a boolean for this
allow httpd_t cobbler_var_lib_t:dir { write remove_name add_name };
allow httpd_t cobbler_var_lib_t:file { write rename create unlink };

For instance, I can't log out of the web because it's denying
permission to write to the sessions directory (I setenforce to 1 after
logging in).
_______________________________________________
cobbler-devel mailing list
cobbler-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler-devel
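
Added example, not part of the original message and not Cobbler's own code: before audit2allow rules like the ones quoted above go into a policy patch, a short Python pass can group them by source domain and mark the ones that deserve a closer look. The function names parse_rules and triage and the flag heuristics are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the audit2allow rules quoted in the message above.
SAMPLE = """\
#============= cobblerd_t ==============
allow cobblerd_t cobbler_tmp_t:file execute;
allow cobblerd_t self:capability { setuid audit_write };
allow cobblerd_t self:netlink_audit_socket { write nlmsg_relay create read };
allow cobblerd_t shadow_t:file { read getattr open };
allow cobblerd_t tmpfs_t:dir write;

#============= httpd_t ==============
allow httpd_t cobbler_port_t:tcp_socket name_connect; # there's a boolean for this
allow httpd_t cobbler_var_lib_t:dir { write remove_name add_name };
allow httpd_t cobbler_var_lib_t:file { write rename create unlink };
"""

RULE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+"
                  r"(?:\{([^}]*)\}|(\S+?))\s*;\s*(?:#\s*(.*))?$")

def parse_rules(text):
    """Return (source, target, tclass, perms, comment) for each allow rule."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            src, tgt, cls, braced, single, note = m.groups()
            rules.append((src, tgt, cls, frozenset((braced or single).split()), note or ""))
    return rules

def triage(rules):
    """Group rules by source domain; flags are assumed review heuristics."""
    report = defaultdict(list)
    for src, tgt, cls, perms, note in rules:
        flags = []
        if tgt == "shadow_t" and "read" in perms:
            flags.append("reads shadow_t (password hashes)")
        if cls == "file" and "execute" in perms and "tmp" in tgt:
            flags.append("executes a file from a temp type")
        if cls == "capability" and "setuid" in perms:
            flags.append("grants setuid capability")
        if "boolean" in note.lower():
            flags.append("poster notes a boolean exists; prefer it to a rule")
        report[src].append((f"{tgt}:{cls}", sorted(perms), flags))
    return dict(report)

if __name__ == "__main__":
    for domain, entries in triage(parse_rules(SAMPLE)).items():
        print(domain, *entries, sep="\n  ")
```

Rules that come back with an empty flag list still need a human read; the flags only order the review.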