I've been doing a good amount of testing with Cobbler on SELinux, and basically there are a few things that have been changed:
(A) Anton's patch to do the SELinux contexts for koan LVM parititions (B) Closing file descriptors any time there is a subprocess call (close_fds=True) throughout cobbler. (C) Calling restorecon in various copies within cobbler to ensure tftpboot context (among other things) is correct. Combing all of these changes together should make Cobbler + koan SELinux happy again. When testing, you are encouraged to run in permissive mode (strict if you like) and also have setroubleshoot installed. The goal should be that there are /no/ warnings from setroubleshoot whatsoever from running any Cobbler or koan operation. If you see any, let us know. This worked nicely for previous Cobbler versions on older OS's, but as SELinux grows in scope and the policy changes, it's important to keep an eye out for these things -- especially because Cobbler is glue between a lot of different things that all need to play nice with one another. Thanks! --Michael _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
