Hi, I'm trying once again to get cobbler running on a RHEL5 (not CentOS) box. I'm not getting quite as far this time as I did with my last attempt.
Last time I got through the initial kickstart and provisioning steps, but ran into a road block with yum update and got distracted and am finally getting back to it. There is some voodoo with the rhnplugin to make sure the VM is licensed, and eligible for updates. I could see that it was registered on the RHN website, but yum update was not seeing the registration and refusing to run. But this time I haven't even gotten that far. I'm trying to use cobbler with dnsmasq and am having a selinux issue. Summary: SELinux is preventing dnsmasq (dnsmasq_t) "read" to ./cobbler_hosts (var_lib_t). Detailed Description: SELinux denied access requested by dnsmasq. It is not expected that this access is required by dnsmasq and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./cobbler_hosts, restorecon -v './cobbler_hosts' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context user_u:system_r:dnsmasq_t Target Context system_u:object_r:var_lib_t Target Objects ./cobbler_hosts [ file ] Source dnsmasq Source Path /usr/sbin/dnsmasq Port <Unknown> Host slider.xxxxxxx.int Source RPM Packages dnsmasq-2.45-1.el5_2.1 Target RPM Packages Policy RPM selinux-policy-2.4.6-203.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_file Host Name slider.xxxxxxx.int Platform Linux slider.xxxxxxx.int 2.6.18-53.el5xen #1 SMP Wed Oct 10 16:48:44 EDT 2007 x86_64 x86_64 Alert Count 3 First Seen Sun Feb 22 11:57:23 2009 Last Seen Tue Feb 24 04:51:59 2009 Local ID 7fd62fb1-d1dd-463e-9bc0-4382a196ab10 Line Numbers Raw Audit Messages host=slider.xxxxxxx.int type=AVC msg=audit(1235479919.226:6932): avc: denied { read } for pid=20792 comm="dnsmasq" name="cobbler_hosts" dev=dm-0 ino=4928901 scontext=user_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file host=slider.xxxxxxx.int type=SYSCALL msg=audit(1235479919.226:6932): arch=c000003e syscall=2 success=no exit=-13 a0=9be7cb0 a1=0 a2=1b6 a3=0 items=0 ppid=20791 pid=20792 auid=1002 uid=99 gid=40 euid=99 suid=99 fsuid=99 egid=40 sgid=40 fsgid=40 tty=(none) comm="dnsmasq" exe="/usr/sbin/dnsmasq" subj=user_u:system_r:dnsmasq_t:s0 key=(null) I tried the restorecon command suggested above, but it did not help. I did not try writing a local policy module, yet. I am expecting the cobbler_hosts file to have a couple of entries in it. But, is empty. I was assuming the file would be populated during the cobbler sync. Maybe I have some misconceptions about the cobbler_hosts file. What is it supposed to contain, and when does it get populated? -- Drew Einhorn _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
