Cobbler 6.4, RHEL 6.5

When I attempt to save a profile, I get:

An error has occurred. You may find more information in 
/var/log/cobbler/cobbler.log on the server should this error not be 
self-explanatory.

<Fault 1: "<type 'exceptions.IOError'>:[Errno 13] Permission denied: 
'/var/lib/tftpboot/boot/grub/menu.lst

This did not occur on Cobbler 6.1, nor does it occur with SELinux set to 
permissive.

Sealert says:

SELinux is preventing /usr/bin/python from 'read, write' accesses on the file 
/var/lib/tftpboot/boot/grub/.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that python should be allowed read write access on the  file by 
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep cobblerd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:cobblerd_t:s0
Target Context                unconfined_u:object_r:tftpdir_rw_t:s0
Target Objects                /var/lib/tftpboot/boot/grub/ [ file ]
Source                        cobblerd
Source Path                   /usr/bin/python
Port                          <Unknown>
Host                          fiat
Source RPM Packages           python-2.6.6-52.el6.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-231.el6_5.3.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     fiat
Platform                      Linux fiat 2.6.32-431.23.3.el6.x86_64 #1 SMP Wed
                              Jul 16 06:12:23 EDT 2014 x86_64 x86_64
Alert Count                   3
First Seen                    Tue 12 Aug 2014 11:14:36 AM GMT
Last Seen                     Tue 12 Aug 2014 11:20:04 AM GMT
Local ID                      105ef0af-8d01-4890-b7b8-0acca7f73b90

Raw Audit Messages
type=AVC msg=audit(1407842404.156:236): avc:  denied  { read write } for  
pid=4707 comm="cobblerd" name="menu.lst" dev=dm-3 ino=7079420 
scontext=system_u:system_r:cobblerd_t:s0 
tcontext=unconfined_u:object_r:tftpdir_rw_t:s0 tclass=file


type=SYSCALL msg=audit(1407842404.156:236): arch=x86_64 syscall=open success=no 
exit=EACCES a0=7f12302a0670 a1=242 a2=1b6 a3=0 items=2 ppid=1 pid=4707 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) ses=4294967295 comm=cobblerd exe=/usr/bin/python 
subj=system_u:system_r:cobblerd_t:s0 key=(null)

type=CWD msg=audit(1407842404.156:236): cwd=/

type=PATH msg=audit(1407842404.156:236): item=0 
name=/var/lib/tftpboot/boot/grub/ inode=7079245 dev=fd:03 mode=040755 ouid=0 
ogid=0 rdev=00:00 obj=unconfined_u:object_r:tftpdir_rw_t:s0 nametype=PARENT

type=PATH msg=audit(1407842404.156:236): item=1 name=(null) inode=7079420 
dev=fd:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 
obj=unconfined_u:object_r:tftpdir_rw_t:s0 nametype=NORMAL

Hash: cobblerd,cobblerd_t,tftpdir_rw_t,file,read,write

audit2allow

#============= cobblerd_t ==============
allow cobblerd_t tftpdir_rw_t:file { read write };

audit2allow -R

#============= cobblerd_t ==============
allow cobblerd_t tftpdir_rw_t:file { read write };


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Stuart J. Newman
Engineer 4; Systems
Solar Dynamics Observatory (SDO)

Honeywell Technology Solutions Inc

NASA/Goddard Space Flight Center
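Added example (not part of the original post, and not code from Cobbler, setroubleshoot or audit2allow): a small parser for the raw AVC record quoted in the message, which merges denials into one allow rule per source type, target type and class so the rules can be reviewed before any local module is built. The function names parse_avc and allow_rules are hypothetical, and the second sample record is constructed for illustration.

```python
import re
from collections import defaultdict

# AVC record from the post above, re-joined onto one line (the mail wrapped it).
PAGE_AVC = (
    'type=AVC msg=audit(1407842404.156:236): avc:  denied  { read write } for  '
    'pid=4707 comm="cobblerd" name="menu.lst" dev=dm-3 ino=7079420 '
    'scontext=system_u:system_r:cobblerd_t:s0 '
    'tcontext=unconfined_u:object_r:tftpdir_rw_t:s0 tclass=file'
)
# Constructed record (not from the post): a second denial for the same type pair.
CONSTRUCTED_AVC = (
    'type=AVC msg=audit(1407842405.000:237): avc:  denied  { getattr } for  '
    'pid=4707 comm="cobblerd" name="menu.lst" dev=dm-3 ino=7079420 '
    'scontext=system_u:system_r:cobblerd_t:s0 '
    'tcontext=unconfined_u:object_r:tftpdir_rw_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {'scontext', 'tcontext', 'tclass'} <= set(fields):
        return None  # truncated record: do not guess missing fields
    return {
        'perms': set(m.group(1).split()),
        # An SELinux context is user:role:type:level; the type is field 3.
        'source': fields['scontext'].split(':')[2],
        'target': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
        'name': fields.get('name'),
    }

def allow_rules(lines):
    """Merge denials into one allow rule per (source, target, class)."""
    merged = defaultdict(set)
    for line in lines:
        d = parse_avc(line)
        if d:
            merged[(d['source'], d['target'], d['tclass'])] |= d['perms']
    return ['allow %s %s:%s { %s };' % (s, t, c, ' '.join(sorted(p)))
            for (s, t, c), p in sorted(merged.items())]

if __name__ == '__main__':
    print('\n'.join(allow_rules([PAGE_AVC, CONSTRUCTED_AVC])))
```

Run on the page's record alone, allow_rules returns the same rule that the audit2allow section of the message shows. Listing the merged rules first keeps a local module limited to denials that were actually examined, rather than everything in audit.log that matches cobblerd.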