Ironically, now that I've fixed the selinux setting, "cobbler check" tells
me where to RTFM:
3 : SELinux is enabled. Please review the following wiki page for details
on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
/a
On Tue, Jul 24, 2012 at 8:58 PM, Alan Crosswell <[email protected]> wrote:
> So I'm just trying to understand where this setsebool belongs. Is it in
> the cobbler RPM's post-install script then? Isn't the expected behavior
> that cobbler should "just work" (in terms of selinux) out of the box, as it
> were?
> /a
>
>
> On Tue, Jul 24, 2012 at 8:44 PM, James Cammarata <[email protected]> wrote:
>
>> On Tue, Jul 24, 2012 at 7:26 PM, Alan Crosswell <[email protected]>
>> wrote:
>> > James,
>> >
>> > audit2why recommended "setsebool -P httpd_can_network_connect_cobbler
>> 1" but
>> > even after doing that, starting cobblerd still fails and audit2why
>> > </var/log/audit/audit.log shows no new issues. BUT -- What I didn't try
>> (and
>> > did just now) is "service httpd restart" as well as "service cobblerd
>> start"
>> > which fixed it, so the lesson learned (for me) is the selinux setting
>> change
>> > didn't apply until the httpd service was restarted. Probably obvious to
>> > those who understand selinux;-) Hey, at least I didn't just disable
>> it;-)
>> >
>> > I think I'll leave the bug at bugzilla.redhat.com as this is not a
>> cobbler
>> > issue per-se but an FC17 selinux-policy configuration issue, isn't it?
>> >
>> > Thanks for the help.
>>
>> If there's a boolean for it, it's not a policy issue since there are
>> rules in place. I'd go ahead and make a note of your solution and
>> close that ticket yourself, or I can.
>> _______________________________________________
>> cobbler mailing list
>> [email protected]
>> https://fedorahosted.org/mailman/listinfo/cobbler
>>
>
>
_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler
