On Fri, Dec 12, 2008 at 11:49:47PM +0100, Anton Arapov wrote:
[..snip..]
node=bandura.englab.brq.redhat.com type=AVC
msg=audit(1229121538.953:228):
avc: denied { read write } for pid=22082 comm="semanage"
path="socket:[96400]" dev=sockfs ino=96400
scontext=unconfined_u:unconfined_r:semanage_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=tcp_socket
, have no idea ... this hits just by adding .call(semanage). I tried to reproduce
it in a test script, and everything works just fine.
Usually, such things are solved by:
fcntl(socket, F_SETFD, FD_CLOEXEC),
but it's python, and I do not see any sockets being used ... even more, I do not see
why we need 'import socket' in app.py and utils.py, I think they could be
easily removed. ...
[code]
...
url = "http://%s:80/cobbler_api" % (server)
self.xmlrpc_server = ServerProxy(url)
self.xmlrpc_server.get_profiles()
...
[/code]
xmlrpc_server is the descriptor SELinux complains about.
Not sure how to fix it. I'm not very familiar with this lib so far. Do you know
if it is possible to use it 'on demand', when we need something from xmlrpc - connect
and disconnect at the end of operation?
-- Anton
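
The descriptor inheritance discussed in the message above, as an added example that is not part of the original post or the project's code: a parent holds an open TCP socket, spawns a child with subprocess.call, and the child reports whether it received the socket, first unprotected, then with close_fds=True, then with FD_CLOEXEC set. The probe script and the function names are assumptions made for illustration; the socket is constructed and never connected.

```python
import fcntl
import socket
import subprocess
import sys

# Stand-in for the exec'd helper (semanage in the message): exits 0 only if
# the descriptor number passed as argv[1] is an open socket in the child.
PROBE = """
import os, stat, sys
try:
    ok = stat.S_ISSOCK(os.fstat(int(sys.argv[1])).st_mode)
except OSError:
    ok = False
sys.exit(0 if ok else 1)
"""

def child_sees_socket(fd, close_fds):
    """Spawn a child and report whether it inherited socket descriptor fd."""
    cmd = [sys.executable, "-c", PROBE, str(fd)]
    return subprocess.call(cmd, close_fds=close_fds) == 0

def set_cloexec(fd):
    """Python form of fcntl(fd, F_SETFD, FD_CLOEXEC), keeping other flags."""
    flags = fcntl.fcntl(fd, fcntl.F_GETFD)
    fcntl.fcntl(fd, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)

def demo():
    results = {}
    # Constructed sample: an unconnected TCP socket, no network needed.
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        fd = sock.fileno()
        # Python 3.4+ opens descriptors non-inheritable; undo that to
        # reproduce the older default where sockets survive exec.
        sock.set_inheritable(True)
        results["leaked"] = child_sees_socket(fd, close_fds=False)
        # Mitigation 1: let subprocess close everything above stderr.
        results["close_fds"] = child_sees_socket(fd, close_fds=True)
        # Mitigation 2: mark the socket itself close-on-exec.
        set_cloexec(fd)
        results["cloexec"] = child_sees_socket(fd, close_fds=False)
    finally:
        sock.close()
    return results

if __name__ == "__main__":
    print(demo())
```

In Python 2, subprocess defaulted to close_fds=False, so any descriptor without FD_CLOEXEC was handed to the child, and a confined child touching it is what produces an AVC denial like the one quoted.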