On Thu, Oct 13, 2011 at 7:52 PM, Jan Pazdziora <[email protected]> wrote: > On Mon, Oct 10, 2011 at 11:26:01AM +0800, Colin Coe wrote: >> >> Can anyone advise what the SELinux contexts should be if I've copied >> the distro ISO contents to /var/distro-trees/<label>? >> --- >> type=AVC msg=audit(1318216860.448:70920): avc: denied { search } for >> pid=19249 comm="cobblerd" name="/" dev=dm-6 ino=2 >> scontext=system_u:system_r:cobblerd_t:s0 >> tcontext=system_u:object_r:file_t:s0 tclass=dir >> type=AVC msg=audit(1318216920.466:70921): avc: denied { search } for >> pid=19272 comm="cobblerd" name="/" dev=dm-6 ino=2 >> scontext=system_u:system_r:cobblerd_t:s0 >> tcontext=system_u:object_r:file_t:s0 tclass=dir >> type=AVC msg=audit(1318216920.466:70922): avc: denied { search } for >> pid=19272 comm="cobblerd" name="/" dev=dm-6 ino=2 >> scontext=system_u:system_r:cobblerd_t:s0 >> tcontext=system_u:object_r:file_t:s0 tclass=dir >> --- >> >> I'd rather not change to permissive... > > If this is for creating kickstart distribution, it would be > for example spacewalk_data_t, or (probably) anything that > > sesearch --allow -s cobblerd_t -p search > > would show. > > Cobbler will then copy the vmlinuz and stuff to /tftpboot and give > it tftpdir_t, and it will also put it as symlinks to > /var/www/cobbler/images and give it httpd_sys_content_t. > > Here's a problem thou -- it used to be not trivial to force cobblerd > to create the content in /var/www/cobbler/images as symlinks and not > as hardlinks, other than having those on different filesystems. I'm > not even sure if that's something which was already addressed in EPEL. > > -- > Jan Pazdziora > Principal Software Engineer, Satellite Engineering, Red Hat >
Hi Jan I'm doing things a little differently. I don't want to mount the ISOs so what I've done is copied the ISOs (minus the .rpm files) in /var/distro-trees/<label>/. Thats why SELinux is complaining. How should I set the contexts to resolve this? Thanks CC -- RHCE#805007969328369 _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
