[Spacewalk-list] Problems creating a Kickstart Distribution
James Hogarth
james.hogarth at gmail.com
Tue Apr 10 22:43:23 UTC 2012
>>
>> I saw the previous posting where the resolution was to disable selinux. In our case, it's already disabled, so now I'm stuck.
>>
>> Any Ideas?
>
> If the page that gives you the Internal Server Error is a .do page, look for traceback in /var/log/tomcat*/catalina.out. If it is a .pxt page, look in /var/log/httpd/*error_log.
>
> --
Okay I have just duplicated this.... at least I think I have....
Fresh install of Spacewalk 1.7 on CentOS 6 64bit with a PostgresSQL
8.4 backend....
Repos have sync'd fine and distribution set up.....
Go to create a kickstart and get an internal server error....
Looking at the tomcat logs cobbler complained it could not find the
kickstart file in /var/lib/rhn/kickstarts/wizard/
Checking audit2allow/audit2why revealed:
type=AVC msg=audit(1334097133.171:707): avc: denied { getattr } for
pid=24064 comm="cobblerd"
path="/var/lib/rhn/kickstarts/wizard/Base_Install_6--1.cfg" dev=dm-0
ino=13767535 scontext=unconfined_u:system_r:cobblerd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
#============= cobblerd_t ==============
allow cobblerd_t var_lib_t:file getattr;
The question then is what is the right solution? Allow cobblerd_t to
access files of type var_lib_t (seems a bit open?) or find out
whatever the context is meant to be on /var/lib/rhn/kickstarts and
correct that?
Can't see anything relevant on bugzilla - has anything changed between
the 1.6 and 1.7 release that could have triggered this? Maybe a change
in cobbler's RPM if not spacewalk itself....
James
More information about the Spacewalk-list
mailing list