On Tue, 2008-12-16 at 08:24 -0500, James Laska wrote:
> On Mon, 2008-12-15 at 18:04 -0500, Michael DeHaan wrote:
> > I've now made these changes on the devel branch.
> >
> > Folks with EL 4 or EL 5 who are interested in contributing some testing
> > may want to try out Cobbler with SELinux enabled/permissive on EL 4.
> >
> > There is code in utils.py to remove some hardlinking when needed on EL 4
> > to enable the restorecon operations to be sent down as needed since
> > there is no public_content_t type but only tftpdir_t and httpd_sys_content_t
>
> Using freshly built packages from the devel branch results in a lot of
> chcon failures while attempting to change the context of my nfs mounted
> storage ...
>
> # cobbler sync
> ...
> chcon operation failed: ['/usr/bin/chcon', '-t', 'public_content_t',
> '/mnt/engarchive2/released/F-10/GOLD/Fedora/i386/os/images/pxeboot/vmlinuz-PAE']
> /usr/bin/chcon: failed to change context of
> `/mnt/engarchive2/released/F-8/GOLD/Fedora/ppc/os/ppc/ppc32/vmlinuz' to
> `system_u:object_r:public_content_t:s0': Read-only file system
> chcon operation failed: ['/usr/bin/chcon', '-t', 'public_content_t',
> '/mnt/engarchive2/released/F-8/GOLD/Fedora/ppc/os/ppc/ppc32/vmlinuz']
>
> I have the following SELinux nfs-related booleans [un]set.
>
> httpd_use_nfs --> on
> nfs_export_all_ro --> on
> nfs_export_all_rw --> on
> qemu_use_nfs --> on
> virt_use_nfs --> off

More info ...

Unless otherwise specified on the cmdline or in /etc/fstab, I believe nfs
mounts get the context: nfs_t. Do we need to check if the files are
hosted on a local vs remote filesystem before calling `chcon`?

Thanks,
James

--
==========================================
 James Laska -- [email protected]
 Quality Engineering -- Red Hat, Inc.
==========================================
_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler
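
One way to make the local-vs-remote check asked about in the message above, as an added example that is not part of the original message and is not Cobbler's code: look up the mount that covers a path in a /proc/mounts-style table and skip `chcon` when that mount is remote or read-only. The function names, the `REMOTE_FSTYPES` list and the sample mount table are assumptions made for the illustration.

```python
import os
import re

# Filesystem types treated as remote, with no per-file label to change (assumed list).
REMOTE_FSTYPES = {"nfs", "nfs4", "cifs", "smbfs"}

# Constructed sample in /proc/mounts format; the NFS path echoes the one in the report.
SAMPLE_MOUNTS = """\
/dev/mapper/vg-root / ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
filer:/export/archive /mnt/engarchive2 nfs ro,vers=3,addr=192.0.2.10 0 0
/dev/sdb1 /mnt/iso\\040images iso9660 ro 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return [(mount_point, fstype, options_set)] from /proc/mounts-style text."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            entries.append((_unescape(parts[1]), parts[2], set(parts[3].split(","))))
    return entries

def mount_for(path, entries):
    """Longest-prefix match; a later entry on the same mount point wins."""
    path = os.path.normpath(path)  # real use would call os.path.realpath first
    best = None
    for mnt, fstype, opts in entries:
        prefix = mnt.rstrip("/") + "/"  # "/boot" must not match "/bootloader"
        if (path == mnt or path.startswith(prefix)) and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, fstype, opts)
    return best

def can_relabel(path, entries):
    """False when chcon cannot succeed: unknown, remote or read-only mount."""
    hit = mount_for(path, entries)
    if hit is None:
        return False
    _, fstype, opts = hit
    return fstype not in REMOTE_FSTYPES and "ro" not in opts
```

On a live system the table would come from `open("/proc/mounts").read()`, and a caller would run `chcon` only for paths where `can_relabel` returns True.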
