[Spacewalk-list] SELinux contexts for distro trees
Jan Pazdziora
jpazdziora at redhat.com
Thu Oct 13 11:55:23 UTC 2011
On Thu, Oct 13, 2011 at 11:03:28AM +0200, Patrick Hurrelmann wrote:
>
> I'm struggeling with the same issue. Maybe someone can sched some lights
> on it, as couldn't find any information regarding this topic.
>
> I tried to loop mount a CentOS 6 iso and manually adding the extracted
> content. Neither worked. But if selinux is set to permissive, both ways
> work.
What AVC denial do you get on your system? I can see
# sesearch --allow -s cobblerd_t -t iso9660_t
Found 3 semantic av rules:
allow cobblerd_t iso9660_t : file { ioctl read getattr lock open } ;
allow cobblerd_t iso9660_t : dir { ioctl read getattr lock search open } ;
allow cobblerd_t iso9660_t : lnk_file { read getattr } ;
with
# rpm -q selinux-policy-targeted
selinux-policy-targeted-3.7.19-113.el6.noarch
so if your ISO is mounted right, it should work.
--
Jan Pazdziora
Principal Software Engineer, Satellite Engineering, Red Hat
More information about the Spacewalk-list
mailing list