[Spacewalk-list] selinux on CentOS 6.0
John Hodrien
J.H.Hodrien at leeds.ac.uk
Tue Jul 19 15:05:01 UTC 2011
I've just installed 1.4 on CentOS 6.0 with SELinux in targeted mode. I've
never used spacewalk with SELinux enabled, and am very much a newbie to
SELinux.
To create a new distribution I copied the contents of DVD1 to
/var/satellite/distros/centos-6.0, and tried to create a new distribution in
the webui.
This failed, for selinux reasons, and I couldn't work out how to fix it
easily.
Figuring that cobbler could read from its own directories, I moved it to
/var/lib/cobbler/distros, and set the context of those files to be
unconfined_u:object_r:cobbler_var_lib_t
That step then worked, but it failed trying to set up tftp.
audit2allow pointed me to an selinux boolean that'd cheer this step up.
semanage boolean -m --on cobbler_anon_write
That then all worked, until I came to create a new kickstart, and I had to
add:
allow cobblerd_t cobbler_var_lib_t:lnk_file read;
allow cobblerd_t tftpdir_rw_t:lnk_file read;
allow cobblerd_t var_lib_t:file { read getattr open };
What *should* I have done? Clearly I'm just bumbling around without
knowing what I'm doing...
jh