Tim Largy wrote:
I'm running Fedora 9, using cobbler 1.4.1 that yum retrieved for me from the Fedora updates repository. SELinux is denying tftpd access to vmlinuz-PAE. This is in my /var/log/messages many times:
setroubleshoot: SELinux is preventing in.tftpd (tftpd_t)
"read" to ./vmlinuz-PAE (httpd_sys_content_t)
By the way, SELinux also prevents dhcpd and tffpd from writing to /var/log/cobbler/cobbler.log. I'm not sure I'm in the mood to learn how to write SELinux policy so I'm going to turn off SELinux enforcement and try again.
Tim _______________________________________________ cobbler mailing list cobbler@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler
If you run "cobbler check" it will suggest 3 semanage rules that you need to set in order to use Cobbler with SELinux. Have you set them?
This will ensure content that is hardlinked between the two locations is labelled public_content_t, not httpd_sys_content_t or tftpd_t, which is not sharable between the two types of ways the content needs to be served up.
The semanage rule will make sure this is always set automatically, ideally requiring no further interaction to fix this when you run cobbler commands.
DHCP and TFTP don't write to cobbler.log at all, which leads me to believe that particular error may be a bug in selinux, and should be reported there. I'm running Fedora 9 and haven't seen that problem. Cobblerd itself runs unconfined presently and is the only thing that writes to that log file.
--Michael