Anton Arapov wrote:
> On Fri, Dec 12, 2008 at 11:49:47PM +0100, Anton Arapov wrote:
> [..snip..]
>   
>>   node=bandura.englab.brq.redhat.com type=AVC msg=audit(1229121538.953:228):
>>   avc: denied { read write } for pid=22082 comm="semanage" path="socket:[96400]" dev=sockfs ino=96400
>>   scontext=unconfined_u:unconfined_r:semanage_t:s0
>>   tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=tcp_socket
>> , have no idea ... this hits just by adding .call(semanage). I tried to reproduce
>> it in a test script, and everything works just fine.
>>
>> Usually, such things are solved by:
>>   fcntl(socket, F_SETFD, FD_CLOEXEC),
>> but it's Python, and I do not see any sockets being used... even more, I do not see
>> why we need 'import socket' in app.py and utils.py, I think they could be
>> easily removed. ...
>>     
>
> [code]
>    ...
>    url = "http://%s:80/cobbler_api" % (server)
>    self.xmlrpc_server = ServerProxy(url)
>    self.xmlrpc_server.get_profiles()
>    ...
> [/code]
>
> xmlrpc_server is the descriptor SELinux complains about.
>
> Not sure how to fix it. I'm not very familiar with this lib so far. Do you know if
> it is possible to use it 'on demand', when we need something from xmlrpc -
> connect and disconnect at the end of the operation?
>  
> -- Anton
>
>   

Cobbler's use of xmlrpclib is no different than any other python 
library, of which we have many that use xmlrpclib -- it probably points 
at something fundamental that needs to be fixed in SELinux if it's 
complaining about simple socket usage.

--Michael
_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler
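
An added example, not part of the thread or of Cobbler's code: it shows a parent's socket descriptor surviving into a spawned child, then being kept out by `close_fds=True` or by the `FD_CLOEXEC` flag mentioned in the quoted message. Assumptions: a local `socketpair()` stands in for the XML-RPC connection's socket and a child Python process stands in for `semanage`; because Python 3 creates descriptors non-inheritable by default, the example turns inheritance back on to reproduce the older behaviour.

```python
import fcntl
import os
import socket
import subprocess
import sys

# Child program (stand-in for semanage): prints True if the descriptor
# number given in argv[1] is an open socket in the child, else False.
CHILD = """
import os, stat, sys
try:
    print(stat.S_ISSOCK(os.fstat(int(sys.argv[1])).st_mode))
except OSError:
    print(False)
"""

def child_sees_socket(fd, close_fds):
    """Spawn the child and report whether it inherited fd as a socket."""
    proc = subprocess.run([sys.executable, "-c", CHILD, str(fd)],
                          close_fds=close_fds, capture_output=True,
                          text=True, check=True)
    return proc.stdout.strip() == "True"

def run_demo():
    # Constructed stand-in for the socket held by the XML-RPC connection.
    parent_sock, peer = socket.socketpair()
    fd = parent_sock.fileno()
    results = {}
    try:
        # Reproduce the old default: descriptor inheritable, close_fds off.
        os.set_inheritable(fd, True)
        results["leaked"] = child_sees_socket(fd, close_fds=False)
        # Mitigation 1: subprocess closes every descriptor above stderr
        # in the child before exec.
        results["close_fds"] = child_sees_socket(fd, close_fds=True)
        # Mitigation 2: the fcntl call quoted in the thread.
        flags = fcntl.fcntl(fd, fcntl.F_GETFD)
        fcntl.fcntl(fd, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)
        results["cloexec"] = child_sees_socket(fd, close_fds=False)
    finally:
        parent_sock.close()
        peer.close()
    return results

if __name__ == "__main__":
    for case, visible in run_demo().items():
        print(f"{case:10s} socket visible in child: {visible}")
```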
