On Wed, Jan 15, 2014 at 04:53:07PM +0100, Amedeo Salvati wrote: > Andy, also if you found somethings goes wrong you can create a new selinux > module by executing:cat /var/log/audit/audit.log | audit2allow -M > local-spacewalksemodule -i local-spacewalk.ppI found it useful with older > release of spacewalk / cobblerbest regardsa
The most typicaly source of SELinux-related problems in current Spacewalks (and in the majority of stable software with stable SELinux support, really) is that the labelling is off. Which typically means content is stored in locations where the SELinux policy does not expect it. Rather than audit2allow which will add 'allow's and can thus open access amongs components that are meant to be isolated, I recommend finding the cause of the problems and either place content in more standard locations, or using semanage fcontext + restorecon to inform the policy about the type for your content and labelling it on the filesystem. -- Jan Pazdziora Principal Software Engineer, Identity Management Engineering, Red Hat _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
