Hi,

I'm trying once again to get cobbler running on a RHEL5 (not CentOS) box.
I'm not getting quite as far this time as I did with my last attempt.

Last time I got through the initial kickstart and provisioning steps,
but ran into a road block with yum update and got distracted
and am finally getting back to it.

There is some voodoo with the rhnplugin to make sure the VM is licensed,
and eligible for updates.  I could see that it was registered on the
RHN website, but yum update was not seeing the registration and
refusing to run.

But this time I haven't even gotten that far.


I'm trying to use cobbler with dnsmasq
and am having a selinux issue.



Summary:

SELinux is preventing dnsmasq (dnsmasq_t) "read" to ./cobbler_hosts (var_lib_t).

Detailed Description:

SELinux denied access requested by dnsmasq. It is not expected that this access
is required by dnsmasq and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./cobbler_hosts,

restorecon -v './cobbler_hosts'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                user_u:system_r:dnsmasq_t
Target Context                system_u:object_r:var_lib_t
Target Objects                ./cobbler_hosts [ file ]
Source                        dnsmasq
Source Path                   /usr/sbin/dnsmasq
Port                          <Unknown>
Host                          slider.xxxxxxx.int
Source RPM Packages           dnsmasq-2.45-1.el5_2.1
Target RPM Packages
Policy RPM                    selinux-policy-2.4.6-203.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     slider.xxxxxxx.int
Platform                      Linux slider.xxxxxxx.int 2.6.18-53.el5xen #1 SMP
                              Wed Oct 10 16:48:44 EDT 2007 x86_64 x86_64
Alert Count                   3
First Seen                    Sun Feb 22 11:57:23 2009
Last Seen                     Tue Feb 24 04:51:59 2009
Local ID                      7fd62fb1-d1dd-463e-9bc0-4382a196ab10
Line Numbers

Raw Audit Messages

host=slider.xxxxxxx.int type=AVC msg=audit(1235479919.226:6932): avc:
denied  { read } for  pid=20792 comm="dnsmasq" name="cobbler_hosts"
dev=dm-0 ino=4928901 scontext=user_u:system_r:dnsmasq_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=file

host=slider.xxxxxxx.int type=SYSCALL msg=audit(1235479919.226:6932):
arch=c000003e syscall=2 success=no exit=-13 a0=9be7cb0 a1=0 a2=1b6
a3=0 items=0 ppid=20791 pid=20792 auid=1002 uid=99 gid=40 euid=99
suid=99 fsuid=99 egid=40 sgid=40 fsgid=40 tty=(none) comm="dnsmasq"
exe="/usr/sbin/dnsmasq" subj=user_u:system_r:dnsmasq_t:s0 key=(null)


I tried the restorecon command suggested above, but it did not help.
I did not try writing a local policy module, yet.


I am expecting the cobbler_hosts file to have a couple of entries in it.
But, is empty.

I was assuming the file would be populated during the cobbler sync.

Maybe I have some misconceptions about the cobbler_hosts file.
What is it supposed to contain, and when does it get populated?
-- 
Drew Einhorn
_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler

Reply via email to