On 3/13/26 12:04 PM, lejeczek via users wrote:
Hi guys.
When I try to start cobblerd then SELinux goes loud.
A long list of files/folder being blocked, access denials by SE - though
cobblerd service starts.
Seems that _cobbler_ wants to go everywhere in /etc, here is just a snippet:
...
SELinux is preventing /usr/bin/python3.12 from getattr access on the
directory /etc/lvm. For complete SELinux messages run: sealert -l
8a34d355-1c7e-4067-8a71-9d8dc195a5ce
SELinux is preventing /usr/bin/python3.12 from getattr access on the
directory /etc/lvm.
# ausearch -c 'cobblerd' --raw | audit2allow -M my-cobblerd
SELinux is preventing /usr/bin/python3.12 from getattr access on the
file /etc/aliases.lmdb. For complete SELinux messages run: sealert -l
33eaf315-38b9-47dc-bea8-ff304ffa4281
SELinux is preventing /usr/bin/python3.12 from getattr access on the
file /etc/aliases.lmdb.
# ausearch -c 'cobblerd' --raw | audit2allow -M my-cobblerd
SELinux is preventing /usr/bin/python3.12 from getattr access on the
file /etc/adjtime. For complete SELinux messages run: sealert -l
0434ff96-1606-49c7-8bf5-21305bf1b6cd
SELinux is preventing /usr/bin/python3.12 from getattr access on the
file /etc/adjtime.
# ausearch -c 'cobblerd' --raw | audit2allow -M my-cobblerd
...
This is on Centos 10 but, anybody sees this/similar?
I'm thinking... what the hell? is Cobbler looking for in there...
Do I have something very badly configured..
thanks, L.
I use Cobbler quite a bit. I love it. For quite a while, we were not
including it for CentOS/RHEL 10 in EPEL. I am pleasantly surprised to
see it has been included.
To use Cobbler 3.3 on CentOS Stream 10, I do a couple of things as root:
Add the correct stanza for rhel10 to
/var/lib/cobbler/distro_signatures.json[1]
setenforce 0
setsebool -P httpd_can_network_connect_cobbler 1
setsebool -P cobbler_can_network_connect 1
Then import my first distro with something similar to:
cobbler import --name=centos-stream-10 --arch=x86_64
--path=/var/www/html/CentOS10/
Then when it's all over, I do:
ausearch -c 'cobblerd' --raw | audit2allow -al -M cobblerlocal
semodule -i cobblerlocal.pp
Then:
setenforce 1
And then I test by adding Fedora 43 to
/var/lib/cobbler/distro_signatures.json[1] and then
cobbler import --name=fedora43 --arch=x86_64 --path=/var/www/html/Fedora43
[1] If it helps, my distro_signatures.json is at
https://camerontech.com/distro_signatures.json
--
Thanks!
Thomas Cameron
--
_______________________________________________
users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new
