I've been doing a good amount of testing with Cobbler on SELinux, and
basically there are a few things that have been changed:
(A) Anton's patch to do the SELinux contexts for koan LVM parititions
(B) Closing file descriptors any time there is a subprocess call
(close_fds=True) throughout cobbler.
(C) Calling restorecon in various copies within cobbler to ensure
tftpboot context (among other things) is correct.
Combing all of these changes together should make Cobbler + koan SELinux
happy again. When testing, you are encouraged to run in permissive mode
(strict if you like) and also have
setroubleshoot installed.
The goal should be that there are /no/ warnings from setroubleshoot
whatsoever from running any Cobbler or koan operation. If you see any,
let us know.
This worked nicely for previous Cobbler versions on older OS's, but as
SELinux grows in scope and the policy changes, it's important to keep an
eye out for these things -- especially because Cobbler is glue between a
lot of different things that all need to play nice with one another.
Thanks!
--Michael