I applied the audit2allow. The start of cobblerd now fails with:
root@fiat Desktop]# service cobblerd start
Starting cobbler daemon: Traceback (most recent call last):
File "/usr/bin/cobblerd", line 76, in main
api = cobbler_api.BootAPI(is_cobblerd=True)
File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 127, in __init__
module_loader.load_modules()
File "/usr/lib/python2.6/site-packages/cobbler/module_loader.py", line 62, in load_modules
blip = __import__("modules.%s" % ( modname), globals(), locals(), [modname])
File "/usr/lib/python2.6/site-packages/cobbler/modules/authn_pam.py", line 121, in <module>
PAM_START = LIBPAM.pam_start
File "/usr/lib64/python2.6/ctypes/__init__.py", line 366, in __getattr__
func = self.__getitem__(name)
File "/usr/lib64/python2.6/ctypes/__init__.py", line 371, in __getitem__
func = self._FuncPtr((name_or_ordinal, self))
AttributeError: /usr/bin/python: undefined symbol: pam_start
[ OK ]
There are no SELinux alerts displayed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Stuart J. Newman Solar Dynamics Observatory (SDO) Honeywell Technology Solutions Inc | NASA/Goddard Space Flight Center Building 14, Room E222 Mail Stop 428.2 Greenbelt, MD 20771 Office: (301) 286-5145 EMail: Stuart.J.Newman@nasa.gov |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE: This communication, including any attachment, contains information that may be confidential or privileged, and is intended solely for the entity or individual to whom it is addressed. If you are not the intended recipient, please notify the sender at once, and you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message is strictly prohibited. Nothing in this email, including any attachment, is intended to be a legally binding signature.
From: cobbler-bounces@lists.fedorahosted.org [mailto:cobbler-bounces@lists.fedorahosted.org] On Behalf Of James Cammarata
Sent: Monday, June 25, 2012 09:34
To: cobbler mailing list
Subject: Re: [cobbler] Cobbler 2.2.3-2 does no0t start on RHEL 6.3
On Mon, Jun 25, 2012 at 8:24 AM, Newman, Stuart J. (GSFC-444.0)[HONEYWELL TECHNOLOGY SOLUTIONS INC] <stuart.j.newman@nasa.gov> wrote:
Cobbler will not start on RHEL 6.3 with SELINUX set to enforcing. The traceback is:
[root@fiat Desktop]# service cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: Traceback (most recent call last):
File "/usr/bin/cobblerd", line 76, in main
api = cobbler_api.BootAPI(is_cobblerd=True)
File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 127, in __init__
module_loader.load_modules()
File "/usr/lib/python2.6/site-packages/cobbler/module_loader.py", line 62, in load_modules
blip = __import__("modules.%s" % ( modname), globals(), locals(), [modname])
File "/usr/lib/python2.6/site-packages/cobbler/modules/authn_pam.py", line 53, in <module>
from ctypes import CDLL, POINTER, Structure, CFUNCTYPE, cast, pointer, sizeof
File "/usr/lib64/python2.6/ctypes/__init__.py", line 546, in <module>
CFUNCTYPE(c_int)(lambda: None)
MemoryError
This is a known issue involving python ctypes and selinux (we were just talking about this in #cobbler this morning actually). The policy created by audit2allow should resolve the issue for you, though it would be good to create a BZ to have the Red Hat guys fix this policy-wise upstream.