Bug 617343
Summary: | SELinux is preventing /usr/bin/python "getattr" access on /boot/memtest86+-4.10. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Adam Goode <adam> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 13 | CC: | dwalsh, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:5098b8207ea76f7112e42db7c29faeadaf1f465c0847eb53c8713cc8b9c5b02c | ||
Fixed In Version: | selinux-policy-3.7.19-41.fc13 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-08-05 23:39:40 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Adam Goode
2010-07-22 19:33:12 UTC
# cobbler sync task started: 2010-07-22_153126_sync task started (id=Sync, time=Thu Jul 22 15:31:26 2010) running pre-sync triggers cleaning trees copying bootloaders trying cachelink /usr/share/syslinux/pxelinux.0 -> /var/lib/.link_cache/dcee0040e100cb19231b8223bdd688b464aad22f -> /var/lib/tftpboot/pxelinux.0 copying: /usr/share/syslinux/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0 trying cachelink /usr/share/syslinux/menu.c32 -> /var/lib/.link_cache/87a9d0b4427a17a026a6ba6685faca4c042ee735 -> /var/lib/tftpboot/menu.c32 copying: /usr/share/syslinux/menu.c32 -> /var/lib/tftpboot/menu.c32 copying: /boot/memtest86+-4.10 -> /var/lib/tftpboot/memtest86+-4.10 Exception occured: <class 'cobbler.cexceptions.CX'> Exception value: 'Cannot read: /boot/memtest86+-4.10' Exception Info: File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 95, in run rc = self._run(self) File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 184, in runner return self.remote.api.sync(self.options.get("verbose",False),logger=self.logger) File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 610, in sync return sync.run() File "/usr/lib/python2.6/site-packages/cobbler/action_sync.py", line 112, in run self.pxegen.copy_bootloaders() File "/usr/lib/python2.6/site-packages/cobbler/pxegen.py", line 98, in copy_bootloaders utils.copyfile_pattern('/boot/memtest*', dst, require_match=False, api=self.api, logger=self.logger) File "/usr/lib/python2.6/site-packages/cobbler/utils.py", line 1174, in copyfile_pattern linkfile(file,dst1,symlink_ok=symlink_ok,api=api,logger=logger) File "/usr/lib/python2.6/site-packages/cobbler/utils.py", line 1128, in linkfile return copyfile(src, dst, api=api, logger=logger) File "/usr/lib/python2.6/site-packages/cobbler/utils.py", line 1138, in copyfile raise CX(_("Cannot read: %s") % src) !!! TASK FAILED !!! [root@LAVALIERE tftpboot]# cobbler sync task started: 2010-07-22_153150_sync task started (id=Sync, time=Thu Jul 22 15:31:50 2010) running pre-sync triggers cleaning trees copying bootloaders trying cachelink /usr/share/syslinux/pxelinux.0 -> /var/lib/.link_cache/dcee0040e100cb19231b8223bdd688b464aad22f -> /var/lib/tftpboot/pxelinux.0 copying: /usr/share/syslinux/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0 trying cachelink /usr/share/syslinux/menu.c32 -> /var/lib/.link_cache/87a9d0b4427a17a026a6ba6685faca4c042ee735 -> /var/lib/tftpboot/menu.c32 copying: /usr/share/syslinux/menu.c32 -> /var/lib/tftpboot/menu.c32 Exception occured: <type 'exceptions.OSError'> Exception value: [Errno 13] Permission denied: '/boot/memtest86+-4.10' Exception Info: File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 95, in run rc = self._run(self) File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 184, in runner return self.remote.api.sync(self.options.get("verbose",False),logger=self.logger) File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 610, in sync return sync.run() File "/usr/lib/python2.6/site-packages/cobbler/action_sync.py", line 112, in run self.pxegen.copy_bootloaders() File "/usr/lib/python2.6/site-packages/cobbler/pxegen.py", line 98, in copy_bootloaders utils.copyfile_pattern('/boot/memtest*', dst, require_match=False, api=self.api, logger=self.logger) File "/usr/lib/python2.6/site-packages/cobbler/utils.py", line 1174, in copyfile_pattern linkfile(file,dst1,symlink_ok=symlink_ok,api=api,logger=logger) File "/usr/lib/python2.6/site-packages/cobbler/utils.py", line 1081, in linkfile if os.path.samefile(src, dst): File "/usr/lib64/python2.6/posixpath.py", line 152, in samefile s1 = os.stat(f1) !!! TASK FAILED !!! Oops, pasted twice in that last comment. What does cobbler sync do? Does it need to read/copy files in /boot? Miroslav it looks like we need to add files_read_boot_files(cobblerd_t) Yes, we should allow it. Fixed in selinux-policy-3.7.19-40.fc13 Yes, it copies things from /boot in order to tftp them. Actually, cobbler has many selinux issues, it looks like it has not been tested with selinux in quite some time. This is especially odd since it definitely tries to work with selinux, as shown by the output of "cobbler check". I will try to file some more bugs, though I think it may take several rounds of policy updates to get through them all. selinux-policy-3.7.19-41.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-41.fc13 selinux-policy-3.7.19-41.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-41.fc13 selinux-policy-3.7.19-41.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. |