subject:"Re\: \[Spacewalk\-list\] Create Kickstart Distribution issue"

Re: [Spacewalk-list] Create Kickstart Distribution issue

2018-04-06 Thread Afify, Sherif S (IBS)

Thanks that fixed the issue . 

--

Message: 2
Date: Fri, 6 Apr 2018 09:43:59 +0200
From: Michael Mraka 
To: spacewalk-list@redhat.com
Subject: Re: [Spacewalk-list] Create Kickstart Distribution issue
Message-ID: <20180406074359.ga3...@magni.brq.redhat.com>
Content-Type: text/plain; charset=utf-8



Hello,

Correct selinux label for kickstart tree is 
system_u:object_r:spacewalk_data_t:s0. 
E.g.
# ll kickstart/ks-centos-x86_64-server-7-7.4/ -Z
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 EFI
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 EULA
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 GPL
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 LiveOS
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 addons
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 discinfo
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 extra_files.json
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 images
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 isolinux
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 media.repo
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 repodata
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 treeinfo


Regards,

--
Michael Mr?ka
System Management Engineering, Red Hat



___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Create Kickstart Distribution issue

2018-04-06 Thread Michael Mraka

Afify, Sherif S (IBS):
> Also the /var/log/audit/audit.log show the below error 
> 
> 
> type=AVC msg=audit(1522929930.084:173): avc:  denied  { search } for  
> pid=13523 comm="java" name="/" dev="loop0" ino=1856 
> scontext=system_u:system_r:tomcat_t:s0 
> tcontext=system_u:object_r:iso9660_t:s0 tclass=dir
> type=SYSCALL msg=audit(1522929930.084:173): arch=c03e syscall=4 
> success=no exit=-13 a0=7fbc04144aa0 a1=7fbbf42c9c90 a2=7fbbf42c9c90 a3=5 
> items=0 ppid=1 pid=13523 auid=4294967295 uid=91 gid=91 euid=91 suid=91 
> fsuid=91 egid=91 sgid=91 fsgid=91 tty=(none) ses=4294967295 comm="java" 
> exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/bin/java"
>  subj=system_u:system_r:tomcat_t:s0 key=(null)
> type=PROCTITLE msg=audit(1522929930.084:173): 
> proctitle=2F7573722F6C69622F6A766D2F6A72652F62696E2F6A617661002D6561002D586D733235366D002D586D783235366D002D446A6176612E6177742E686561646C6573733D74727565002D446F72672E786D6C2E7361782E6472697665723D6F72672E6170616368652E7865726365732E706172736572732E5341585061727365
> 
> -Original Message-
> From: Afify, Sherif S (IBS) 
> Sent: Thursday, April 5, 2018 7:55 PM
> To: spacewalk-list@redhat.com
> Subject: Create Kickstart Distribution issue 
> 
> I am getting the below when I create new Kickstart Distribution from web 
> interface :
> 
> The initrd could not be found at the specified location: 
> /var/distro-trees/centos7-x86_64-server/images/pxeboot/initrd.img 
> 
> What I did so far and didn't fix the issue :
> 
> 1- set its SELinux file type as httpd_sys_content_t " /usr/sbin/semanage 
> fcontext -a -t httpd_sys_content_t "/var/distro-trees(/.*)?" " & 
> /sbin/restorecon -R -v /var/distro-trees
> 2- 644 apache.apache for all files and 755 apache.root for all directories
> 
> 
> Can you help me what exactly I am missing ?


Hello,

Correct selinux label for kickstart tree is 
system_u:object_r:spacewalk_data_t:s0. 
E.g.
# ll kickstart/ks-centos-x86_64-server-7-7.4/ -Z
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 EFI
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 EULA
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 GPL
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 LiveOS
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 addons
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 discinfo
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 extra_files.json
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 images
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 isolinux
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 media.repo
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 repodata
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 treeinfo


Regards,

--
Michael Mráka
System Management Engineering, Red Hat

___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Create Kickstart Distribution issue

2018-04-05 Thread Robert Paschedag

Am 5. April 2018 20:13:22 MESZ schrieb "Afify, Sherif S (IBS)" 
:
>Also the /var/log/audit/audit.log show the below error 
>
>
>type=AVC msg=audit(1522929930.084:173): avc:  denied  { search } for 
>pid=13523 comm="java" name="/" dev="loop0" ino=1856
>scontext=system_u:system_r:tomcat_t:s0
>tcontext=system_u:object_r:iso9660_t:s0 tclass=dir
>type=SYSCALL msg=audit(1522929930.084:173): arch=c03e syscall=4
>success=no exit=-13 a0=7fbc04144aa0 a1=7fbbf42c9c90 a2=7fbbf42c9c90
>a3=5 items=0 ppid=1 pid=13523 auid=4294967295 uid=91 gid=91 euid=91
>suid=91 fsuid=91 egid=91 sgid=91 fsgid=91 tty=(none) ses=4294967295
>comm="java"
>exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/bin/java"
>subj=system_u:system_r:tomcat_t:s0 key=(null)
>type=PROCTITLE msg=audit(1522929930.084:173):
>proctitle=2F7573722F6C69622F6A766D2F6A72652F62696E2F6A617661002D6561002D586D733235366D002D586D783235366D002D446A6176612E6177742E686561646C6573733D74727565002D446F72672E786D6C2E7361782E6472697665723D6F72672E6170616368652E7865726365732E706172736572732E5341585061727365
>
>-Original Message-
>From: Afify, Sherif S (IBS) 
>Sent: Thursday, April 5, 2018 7:55 PM
>To: spacewalk-list@redhat.com
>Subject: Create Kickstart Distribution issue 
>
>I am getting the below when I create new Kickstart Distribution from
>web interface :
>
>The initrd could not be found at the specified location:
>/var/distro-trees/centos7-x86_64-server/images/pxeboot/initrd.img 
>
>What I did so far and didn't fix the issue :
>
>1- set its SELinux file type as httpd_sys_content_t "
>/usr/sbin/semanage fcontext -a -t httpd_sys_content_t
>"/var/distro-trees(/.*)?" " & /sbin/restorecon -R -v /var/distro-trees
>2- 644 apache.apache for all files and 755 apache.root for all
>directories
>
>
>Can you help me what exactly I am missing ?
>
>
>___
>Spacewalk-list mailing list
>Spacewalk-list@redhat.com
>https://www.redhat.com/mailman/listinfo/spacewalk-list

Try to first extract the iso to the target folder and set the selinux 
permissions.

Robert
-- 
sent from my mobile device

___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Create Kickstart Distribution issue

2018-04-05 Thread Afify, Sherif S (IBS)

>From the threads I saw that you faced/know about this issue , do you know what 
>I am missing ?

-Original Message-
From: Afify, Sherif S (IBS) 
Sent: Thursday, April 5, 2018 8:13 PM
To: 'spacewalk-list@redhat.com' 
Subject: RE: Create Kickstart Distribution issue 

Also the /var/log/audit/audit.log show the below error 


type=AVC msg=audit(1522929930.084:173): avc:  denied  { search } for  pid=13523 
comm="java" name="/" dev="loop0" ino=1856 
scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:iso9660_t:s0 
tclass=dir type=SYSCALL msg=audit(1522929930.084:173): arch=c03e syscall=4 
success=no exit=-13 a0=7fbc04144aa0 a1=7fbbf42c9c90 a2=7fbbf42c9c90 a3=5 
items=0 ppid=1 pid=13523 auid=4294967295 uid=91 gid=91 euid=91 suid=91 fsuid=91 
egid=91 sgid=91 fsgid=91 tty=(none) ses=4294967295 comm="java" 
exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/bin/java" 
subj=system_u:system_r:tomcat_t:s0 key=(null) type=PROCTITLE 
msg=audit(1522929930.084:173): 
proctitle=2F7573722F6C69622F6A766D2F6A72652F62696E2F6A617661002D6561002D586D733235366D002D586D783235366D002D446A6176612E6177742E686561646C6573733D74727565002D446F72672E786D6C2E7361782E6472697665723D6F72672E6170616368652E7865726365732E706172736572732E5341585061727365

-Original Message-
From: Afify, Sherif S (IBS)
Sent: Thursday, April 5, 2018 7:55 PM
To: spacewalk-list@redhat.com
Subject: Create Kickstart Distribution issue 

I am getting the below when I create new Kickstart Distribution from web 
interface :

The initrd could not be found at the specified location: 
/var/distro-trees/centos7-x86_64-server/images/pxeboot/initrd.img 

What I did so far and didn't fix the issue :

1- set its SELinux file type as httpd_sys_content_t " /usr/sbin/semanage 
fcontext -a -t httpd_sys_content_t "/var/distro-trees(/.*)?" " & 
/sbin/restorecon -R -v /var/distro-trees
2- 644 apache.apache for all files and 755 apache.root for all directories


Can you help me what exactly I am missing ?


___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Create Kickstart Distribution issue

2018-04-05 Thread Afify, Sherif S (IBS)

Also the /var/log/audit/audit.log show the below error 


type=AVC msg=audit(1522929930.084:173): avc:  denied  { search } for  pid=13523 
comm="java" name="/" dev="loop0" ino=1856 
scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:iso9660_t:s0 
tclass=dir
type=SYSCALL msg=audit(1522929930.084:173): arch=c03e syscall=4 success=no 
exit=-13 a0=7fbc04144aa0 a1=7fbbf42c9c90 a2=7fbbf42c9c90 a3=5 items=0 ppid=1 
pid=13523 auid=4294967295 uid=91 gid=91 euid=91 suid=91 fsuid=91 egid=91 
sgid=91 fsgid=91 tty=(none) ses=4294967295 comm="java" 
exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/bin/java" 
subj=system_u:system_r:tomcat_t:s0 key=(null)
type=PROCTITLE msg=audit(1522929930.084:173): 
proctitle=2F7573722F6C69622F6A766D2F6A72652F62696E2F6A617661002D6561002D586D733235366D002D586D783235366D002D446A6176612E6177742E686561646C6573733D74727565002D446F72672E786D6C2E7361782E6472697665723D6F72672E6170616368652E7865726365732E706172736572732E5341585061727365

-Original Message-
From: Afify, Sherif S (IBS) 
Sent: Thursday, April 5, 2018 7:55 PM
To: spacewalk-list@redhat.com
Subject: Create Kickstart Distribution issue 

I am getting the below when I create new Kickstart Distribution from web 
interface :

The initrd could not be found at the specified location: 
/var/distro-trees/centos7-x86_64-server/images/pxeboot/initrd.img 

What I did so far and didn't fix the issue :

1- set its SELinux file type as httpd_sys_content_t " /usr/sbin/semanage 
fcontext -a -t httpd_sys_content_t "/var/distro-trees(/.*)?" " & 
/sbin/restorecon -R -v /var/distro-trees
2- 644 apache.apache for all files and 755 apache.root for all directories


Can you help me what exactly I am missing ?


___
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

Re: [Spacewalk-list] Create Kickstart Distribution issue

Re: [Spacewalk-list] Create Kickstart Distribution issue

Re: [Spacewalk-list] Create Kickstart Distribution issue

Re: [Spacewalk-list] Create Kickstart Distribution issue

Re: [Spacewalk-list] Create Kickstart Distribution issue

5 matches

Site Navigation

Mail list logo

Footer information