On 09/30/2009 04:18 AM, Philippe Eveque wrote:
2009/9/29 Philippe Eveque <philippe.eve...@gmail.com
<mailto:philippe.eve...@gmail.com>>
2009/9/29 Michael DeHaan <mdeh...@redhat.com
<mailto:mdeh...@redhat.com>>
On 09/29/2009 03:24 AM, Philippe Eveque wrote:
2009/9/28 Michael DeHaan <mdeh...@redhat.com
<mailto:mdeh...@redhat.com>>
> I noticed the following:
>
> - on server2 set up from scratch
> cobbler import .... was complaining that the
issued rsync
> command was failing
> I had to disable selinux for rsync to make cobbler
import working
> with the following command.
>
> root# setsebool -P rsync_disable_trans=1
What OS were you running from?
RHEL 5 (I should have mentioned it).
Were you doing an import from an rsync mirror (as in rsync
protocol, rsync://) or just a DVD or filesystem path? I'm
suprised we didn't hit that in SELinux testing on previous
releases as that hasn't really changed.
I forgot to mention
- this is a 2.0.x specific issue and 1.6.x does not expose it.
- if you run as root the rsync command reported by cobbler import
you do not hit the Pb either.
I guess this is because with 2.0 the rsync command is run in the
context of the cobblerd
daemon (after the cmd has been submitted via the xmlrpc layer)
does this make sense ?
Yeah, though our usage of rsync has not really changed -- though we can
figure it out :)
One new thing we do is update the rsync config to expose imported
directories (for replicate purposes), though this error seems to be not
about that but the actual rsync transfer (that we've always done) ...
and cobblerd runs unconfined so the regular rsync rules that happen in
the shell should, I think, apply the daemon.
*head scratch*
Anyway, yes, it's on the list and we'll take a look, and at least add
the cobbler check code you mentioned.
Thanks for the extra data!
--Michael
_______________________________________________
cobbler mailing list
cobbler@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler