[Spacewalk-list] Create Kickstart Distribution issue

Michael Mraka michael.mraka at redhat.com
Fri Apr 6 07:43:59 UTC 2018 

Afify, Sherif S (IBS):
> Also the /var/log/audit/audit.log show the below error 
> 
> 
> type=AVC msg=audit(1522929930.084:173): avc:  denied  { search } for  pid=13523 comm="java" name="/" dev="loop0" ino=1856 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:iso9660_t:s0 tclass=dir
> type=SYSCALL msg=audit(1522929930.084:173): arch=c000003e syscall=4 success=no exit=-13 a0=7fbc04144aa0 a1=7fbbf42c9c90 a2=7fbbf42c9c90 a3=5 items=0 ppid=1 pid=13523 auid=4294967295 uid=91 gid=91 euid=91 suid=91 fsuid=91 egid=91 sgid=91 fsgid=91 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
> type=PROCTITLE msg=audit(1522929930.084:173): proctitle=2F7573722F6C69622F6A766D2F6A72652F62696E2F6A617661002D6561002D586D733235366D002D586D783235366D002D446A6176612E6177742E686561646C6573733D74727565002D446F72672E786D6C2E7361782E6472697665723D6F72672E6170616368652E7865726365732E706172736572732E5341585061727365
> 
> -----Original Message-----
> From: Afify, Sherif S (IBS) 
> Sent: Thursday, April 5, 2018 7:55 PM
> To: spacewalk-list at redhat.com
> Subject: Create Kickstart Distribution issue 
> 
> I am getting the below when I create new Kickstart Distribution from web interface :
> 
> The initrd could not be found at the specified location: /var/distro-trees/centos7-x86_64-server/images/pxeboot/initrd.img 
> 
> What I did so far and didn't fix the issue :
> 
> 1- set its SELinux file type as httpd_sys_content_t " /usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/var/distro-trees(/.*)?" " & /sbin/restorecon -R -v /var/distro-trees
> 2- 644 apache.apache for all files and 755 apache.root for all directories
> 
> 
> Can you help me what exactly I am missing ?


Hello,

Correct selinux label for kickstart tree is system_u:object_r:spacewalk_data_t:s0. 
E.g.
# ll kickstart/ks-centos-x86_64-server-7-7.4/ -Z
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 EFI
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 EULA
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 GPL
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 LiveOS
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 addons
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 discinfo
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 extra_files.json
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 images
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 isolinux
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 media.repo
drwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 repodata
-rwxr-x---. apache apache system_u:object_r:spacewalk_data_t:s0 treeinfo


Regards,

--
Michael Mráka
System Management Engineering, Red Hat

More information about the Spacewalk-list mailing list