On Tue, 2008-12-16 at 08:24 -0500, James Laska wrote:
On Mon, 2008-12-15 at 18:04 -0500, Michael DeHaan wrote:
> I've now made these changes on the devel branch.
>
> Folks with EL 4 or EL 5 who are interested in contributing some testing
> may want to try out Cobbler with SELinux enabled/permissive on EL 4.
>
> There is code in utils.py to remove some hardlinking when needed on EL 4
> to enable the restorecon operations to be sent down as needed since
> there is no public_content_t type but only tftpdir_t and httpd_sys_content_t

Using freshly built packages from the devel branch results in a lot of
chcon failures while attempting to change the context of my nfs mounted
storage ...

# cobbler sync
...
chcon operation failed: ['/usr/bin/chcon', '-t',
'public_content_t',
'/mnt/engarchive2/released/F-10/GOLD/Fedora/i386/os/images/pxeboot/vmlinuz-PAE']
/usr/bin/chcon: failed to change context of
`/mnt/engarchive2/released/F-8/GOLD/Fedora/ppc/os/ppc/ppc32/vmlinuz' to
`system_u:object_r:public_content_t:s0': Read-only file system
chcon operation failed: ['/usr/bin/chcon', '-t',
'public_content_t',
'/mnt/engarchive2/released/F-8/GOLD/Fedora/ppc/os/ppc/ppc32/vmlinuz']

I have the following SELinux nfs-related booleans [un]set.

httpd_use_nfs --> on
nfs_export_all_ro --> on
nfs_export_all_rw --> on
qemu_use_nfs --> on
virt_use_nfs --> off

More info ...

Unless otherwise specified on the cmdline or in /etc/fstab, I believe
nfs mounts get the context: nfs_t.

Do we need to check if the files are hosted on a local vs remote
filesystem before calling `chcon`?

Thanks,
James
--
==========================================
James Laska -- jlaska(a)redhat.com
Quality Engineering -- Red Hat, Inc.
==========================================
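
One way to implement the local-versus-remote check asked about in the message above, as an added example that is not part of the original e-mail or Cobbler's code: it resolves a path to its mount point from a /proc/mounts-style table and reports whether calling chcon is worth attempting. The function names, the REMOTE_FS list and the sample mount table are assumptions constructed for illustration.

```python
import os

# Filesystem types treated as remote here (illustrative list, an assumption).
REMOTE_FS = {"nfs", "nfs4", "cifs", "smbfs"}

# Constructed sample in /proc/mounts format; a real caller would pass
# open("/proc/mounts").read() and os.path.realpath(path) instead.
SAMPLE_MOUNTS = """\
/dev/mapper/vg-root / ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
filer.example.com:/export/archive /mnt/engarchive2 nfs ro,vers=3,addr=192.0.2.10 0 0
/dev/sdb1 /media/iso iso9660 ro 0 0
"""

def parse_mounts(text):
    """Return a list of (mountpoint, fstype, options-set) tuples."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # /proc/mounts escapes spaces in paths as \040
        mountpoint = fields[1].replace("\\040", " ")
        mounts.append((mountpoint, fields[2], set(fields[3].split(","))))
    return mounts

def find_mount(path, mounts):
    """Longest-prefix match of an absolute path against the mount points."""
    path = os.path.normpath(path)
    best = None
    for mountpoint, fstype, opts in mounts:
        mp = mountpoint.rstrip("/") or "/"
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[0]):
                best = (mp, fstype, opts)
    return best

def can_relabel(path, mounts):
    """Return (ok, reason); ok is False when chcon should be skipped."""
    m = find_mount(path, mounts)
    if m is None:
        return False, "no mount found"
    mp, fstype, opts = m
    if fstype in REMOTE_FS:
        return False, "%s is %s (remote)" % (mp, fstype)
    if "ro" in opts:
        return False, "%s is mounted read-only" % mp
    return True, "local read-write %s" % fstype
```

A sync step could call can_relabel() once per file and log the reason instead of invoking chcon on paths it cannot relabel.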