[Spacewalk-list] SELinux with spacewalk

Jan Pazdziora jpazdziora at redhat.com
Thu Jan 16 03:13:15 UTC 2014


On Wed, Jan 15, 2014 at 04:53:07PM +0100, Amedeo Salvati wrote:
> Andy, also if you found something goes wrong you can create a new selinux module by executing:
>
> cat /var/log/audit/audit.log | audit2allow -M local-spacewalk
> semodule -i local-spacewalk.pp
>
> I found it useful with older releases of spacewalk / cobbler
>
> best regards
> a

The most typical source of SELinux-related problems in current
Spacewalks (and in the majority of stable software with stable SELinux
support, really) is that the labelling is off. Which typically means
content is stored in locations where the SELinux policy does not
expect it.

Rather than audit2allow, which will add 'allow's and can thus open
access among components that are meant to be isolated, I recommend
finding the cause of the problems and either placing content in more
standard locations, or using semanage fcontext + restorecon to inform
the policy about the type for your content and labelling it on the
filesystem.

-- 
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
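
An added example, not part of the original message: a small triage script that separates AVC denials that look like mislabelled content (the case the reply describes) from denials that need a policy review, and emits the semanage fcontext + restorecon commands for the former. The list of "generic" types, the sample log lines, and the TYPE_FROM_POLICY placeholder are assumptions made for this example.

```python
import os
import re
from collections import defaultdict

# Assumed heuristic: target types that usually mean content sits where the
# policy has no file-context rule for it (list chosen for this example).
GENERIC_TYPES = {"default_t", "unlabeled_t", "file_t", "var_t", "tmp_t",
                 "user_home_t", "admin_home_t"}

AVC = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields for an AVC denial line, or None for other lines."""
    m = AVC.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD.findall(m.group("rest"))}
    if "scontext" not in f or "tcontext" not in f:
        return None
    f["perms"] = m.group("perms").split()
    f["stype"] = f["scontext"].split(":")[2]   # user:role:type:level
    f["ttype"] = f["tcontext"].split(":")[2]
    return f

def triage(lines):
    """Split denials into likely mislabelled directories and ones to review."""
    mislabelled, review = defaultdict(set), []
    for rec in filter(None, map(parse_avc, lines)):
        if rec["ttype"] in GENERIC_TYPES and "path" in rec:
            mislabelled[os.path.dirname(rec["path"])].add(rec["stype"])
        else:
            review.append((rec["stype"], rec["ttype"], rec.get("tclass")))
    return dict(mislabelled), review

def relabel_commands(directory, target_type="TYPE_FROM_POLICY"):
    """Commands for the fcontext route; the type is a placeholder the admin picks."""
    return [f"semanage fcontext -a -t {target_type} '{directory}(/.*)?'",
            f"restorecon -Rv {directory}"]

# Constructed sample audit.log lines (not taken from a real system).
SAMPLE = [
    'type=AVC msg=audit(1389841995.101:411): avc:  denied  { read } for  pid=2101 comm="httpd" path="/srv/kickstart/ks.cfg" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file',
    'type=AVC msg=audit(1389841996.202:412): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket',
]

if __name__ == "__main__":
    bad, review = triage(SAMPLE)
    print([relabel_commands(d) for d in bad], review)
```

Denials that land in the review list are not automatically candidates for audit2allow; they are the ones where the cause still has to be found.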
