So I'm just trying to understand where this setsebool belongs. Is it in the cobbler RPM's post-install script then? Isn't the expected behavior that cobbler should "just work" (in terms of selinux) out of the box, as it were? /a
On Tue, Jul 24, 2012 at 8:44 PM, James Cammarata <[email protected]> wrote: > On Tue, Jul 24, 2012 at 7:26 PM, Alan Crosswell <[email protected]> wrote: > > James, > > > > audit2why recommended "setsebool -P httpd_can_network_connect_cobbler 1" > but > > even after doing that, starting cobblerd still fails and audit2why > > </var/log/audit/audit.log shows no new issues. BUT -- What I didn't try > (and > > did just now) is "service httpd restart" as well as "service cobblerd > start" > > which fixed it, so the lesson learned (for me) is the selinux setting > change > > didn't apply until the httpd service was restarted. Probably obvious to > > those who understand selinux;-) Hey, at least I didn't just disable > it;-) > > > > I think I'll leave the bug at bugzilla.redhat.com as this is not a > cobbler > > issue per-se but an FC17 selinux-policy configuration issue, isn't it? > > > > Thanks for the help. > > If there's a boolean for it, it's not a policy issue since there are > rules in place. I'd go ahead and make a note of your solution and > close that ticket yourself, or I can. > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler >
_______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
