On Fri, Dec 12, 2008 at 11:49:47PM +0100, Anton Arapov wrote:
[..snip..]
> node=bandura.englab.brq.redhat.com type=AVC msg=audit(1229121538.953:228):
> avc: denied { read write } for pid=22082 comm="semanage"
> path="socket:[96400]" dev=sockfs ino=96400
> scontext=unconfined_u:unconfined_r:semanage_t:s0
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=tcp_socket
> , have no idea ... this hits just by adding .call(semanage). I tried to
> reproduce
> it in test script, and everything works just fine.
>
> Usually, such things solved by:
> fcntl(socket, F_SETFD, FD_CLOEXEC),
> but it's python, and I do not see any sockets using,... evenmore, I do not see
> why we need 'import socket' in app.py and utils.py, I think they could be
> easily removed. ...
[code]
...
url = "http://%s:80/cobbler_api"; % (server)
self.xmlrpc_server = ServerProxy(url)
self.xmlrpc_server.get_profiles()
...
[/code]
xmlrpc_server is the descriptor SELinux complaints about.
Not sure how to fix it. I'm not familiar well with this lib so far. Don't you
know if
it possible to use it 'on demand', when we need something from xmlrpc - connect
and
disconnect at the end of operation?
-- Anton
_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler
