| Summary: | avc: denied { search } for comm="cobblerd" name="satellite" scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:spacewalk_data_t:s0 tclass=dir | ||
|---|---|---|---|
| Product: | Red Hat Satellite 5 | Reporter: | Milan Zázrivec <mzazrivec> |
| Component: | Server | Assignee: | Michael Mráka <mmraka> |
| Status: | CLOSED ERRATA | QA Contact: | Šimon Lukašík <slukasik> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 541 | CC: | cperry, jhutar, jpazdziora, mmraka, mzazrivec, slukasik |
| Target Milestone: | --- | Keywords: | Regression |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | spacewalk-selinux-1.2.1-3 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-06-17 02:43:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 702274 | ||
| Bug Blocks: | 677501, 677509 | ||
The spacewalk-selinux fix for bug 702274 also fixes this issue. Verified as per bug 702274 comment 15. Verified in stage w/ spacewalk-selinux-1.2.1-5 -> release pending. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. https://rhn.redhat.com/errata/RHEA-2011-0875.html |
Description of problem: * Satellite 5.4.1 @ RHEL-6.1 * Custom distribution kickstartable tree placed on Satellite's filer (i.e. /var/satellite) * creation of custom distribution in webui fails with an error message: The kernel could not be found at the specified location: ... * Following SELinux denials show: type=AVC msg=audit(1302172437.980:21641): avc: denied { search } for pid=1349 comm="cobblerd" name="satellite" dev=vda1 ino=929797 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:spacewalk_data_t:s0 tclass=dir Version-Release number of selected component (if applicable): selinux-policy-3.7.19-80.el6.noarch cobbler-2.0.7-8.el6sat.noarch How reproducible: Always Steps to Reproduce: 1. Try to create custom distribution in Satellite webui (the path pointing to a location on your filer) Actual results: The action fails, selinux denial occurs. Expected results: The action succeeds, no SELinux denials. Additional info: The thing works w/ SELinux permissive. The same problem will most likely show with kickstart distributions downloaded from RHN.