[Spacewalk-list] Spacewalk with enforced SELINUX
Maria Iano
maria at purplecoffee.com
Wed Sep 11 14:39:13 UTC 2013
On Wed, Sep 11, 2013 at 03:44:08PM +0200, Pierre Casenove wrote:
> Hello,
> My spacewalk server is currently running on RHEL 5 x64. I'm currently
> considering the migration under RHEL 6 x64.
> The big modification between rhel 5 and rhel 6 in our setup is that we
> activate SELINUX in enforcing mode in rhel 6.
> I know that spacewlak is running well with SELINUX in enforcing mode but we
> modify 2 parameters from the standard installation:
> - mount_point is set to /data/satellite instead of default /var/satellite.
> What selinux context should I apply on this folder (and subfolders)?
> - /data/satellite is in fact a NFS mount. Are there SELINUX booleans to
> activate to have spacewalk work using a NFS mount?
>
Take a look at the files in /etc/selinux/targeted/contexts/files to see
what the contexts are for the standard location, or use matchpathcon.
That will tell you what to use in your non-standard location.
If you use the -C flag with sesearch it will tell you what boolean is
involved.
Finally, make sure you have the setroubleshoot package installed to get
alerts with helpful information when selinux blocks something.
Maria
More information about the Spacewalk-list
mailing list