Hello, this is what I have done to get a working config with Selinux
Active SELinux, edit /etc/sysconfig/selinux SELINUX=enforcing SELINUXTYPE=targeted Reboot the system. reboot You can investigate SELinux issues without any tools by opening the audit log it generates. This log is found at /var/log/audit/audit.log. However, unless you know exactly what to look for and have a lot of free time, you’re going to find it difficult making sense of the log. For that reason we install a package that will help use to troubleshot SeLinux yum install setroubleshoot setools We now have a tool called sealert that analyzes the audit log used by SELinux. Sealert will scan the log file and report and will then generate a report containing all discovered SELinux issues. sealert -a /var/log/audit/audit.log Truncated output example -------------------------------------------------------------------------------- SELinux is preventing /usr/sbin/httpd from name_connect access on the tcp_socket port 25151. ***** Plugin catchall_boolean (47.5 confidence) suggests ****************** If you want to allow httpd to can network connect cobbler Then you must tell SELinux about this by enabling the 'httpd_can_network_connect_cobbler' boolean. Do setsebool -P httpd_can_network_connect_cobbler 1 The most important part of the report is found at the end of each alert. This is where it explains how to resolve the problem. Just run each command which you want to allow setsebool -P httpd_can_network_connect_cobbler 1 setsebool -P httpd_can_network_connect 1 setsebool -P nis_enabled 1 setsebool -P authlogin_nsswitch_use_ldap 1 setsebool -P cobbler_can_network_connect 1 setsebool -P httpd_serve_cobbler_files 1 semanage fcontext -a -t httpd_sys_content_t “/var/mrepo(/.*)?” restorecon -R /var/mrepo restorecon -v /var/lib/tftpboot semanage fcontext -a -t public_content_t "/var/lib/tftpboot/.*" semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*" setsebool -P tftp_anon_write 1 setsebool -P tftp_home_dir 1 -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: mercredi 17 février 2016 10:34 To: [email protected] Subject: [cobbler] Re: trouble with cobbler get-loaders behind a proxy Ok, It was a Selinux problem. Disabling it fixed the problem. Thanks anyway. _______________________________________________ cobbler mailing list [email protected]<mailto:[email protected]> https://lists.fedorahosted.org/admin/lists/[email protected]
_______________________________________________ cobbler mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
