Notes From Fedora 10 Attempt

Thursday, 4 December 2008

Hi,

I'm trying out cobbler on Fedora 10.  I noticed that SELinux denies cobbler access
to:

./menu.c32

Also I see the following in the log:

Dec  4 16:15:03 ole setroubleshoot: SELinux is preventing in.tftpd (tftpd_t)
"read" to ./vmlinuz-PAE (httpd_sys_content_t). For complete SELinux messages.
run sealert -l ed35d123-47b4-4dee-89ee-ccb9e95497b4

This caused the pxe booting to spin constantly printing the message:
Could not find kernel image: /images/fedora10-i386/vmlinuz-PAE

After disabling SELinux everything worked fine.

I pasted the selinux summary below.  Please let me know if I should add a ticket for this.
 I did run the command:
setsebool -P httpd_can_network_connect true

prior to attempting the run.

Below is the summary of the ./menu.c32 denial.  

Cheers,
Ole

Summary:

SELinux is preventing in.tftpd (tftpd_t) "read" to ./menu.c32 (var_lib_t).

Detailed Description:

SELinux denied access requested by in.tftpd. It is not expected that this access
is required by in.tftpd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./menu.c32,

restorecon -v './menu.c32'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:tftpd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_lib_t:s0
Target Objects                ./menu.c32 [ file ]
Source                        in.tftpd
Source Path                   /usr/sbin/in.tftpd
Port                          <Unknown>
Source RPM Packages           tftp-server-0.48-6.fc10
Target RPM Packages           
Policy RPM                    selinux-policy-3.5.13-26.fc10
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Alert Count                   4
First Seen                    Thu 04 Dec 2008 03:23:19 PM CST
Last Seen                     Thu 04 Dec 2008 03:54:57 PM CST
Local ID                      be33bc6a-3d9c-47bb-8451-8deb16997450
Line Numbers                  

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Notes From Fedora 10 Attempt