Description of problem:
Satellite 5 uses cobbler to write the templates used to boot machines, including files in the /tftpboot directory. Normally these are given the tftpdir_t type, but in earlier Satellite 5 installations they use the public_content_rw_t type. Cobbler is unable to write to this directory in the standard SELinux policy. This access can be allowed by turning on the cobbler_anon_write SELinux boolean switch. The Satellite 5 installation documentation should recommend turning on this boolean permanently using the command:

    setsebool -P cobbler_anon_write on

Version-Release number of selected component (if applicable):
Satellite 5.7

How reproducible:
Always.

Steps to Reproduce:
1. Install Satellite 5.7 with TFTP options for PXE booting.
2. Create /tftpboot directory, give it public_content_rw_t type
3. Try to use cobbler to set up a kickstart file in /tftpboot

Actual results:
4. AVC denial message, cobbler cannot create file.

Expected results:
1a. Documentation guided user to turn SELinux boolean on.
4. Cobbler creates file, kittens frolic with joy.

Additional info:
Moving to 'NEW' and the default assignee to be triaged as the schedule allows.
Hi Russell, I've merged the MR for 5.8. As requested, I will leave the 5.7 MR to you. Please feel free to move the bug to VERIFIED after you've merged the 5.7 MR. Cheers, Julie
Andrew, Please republish the Satellite 5.7 Installation Guide.
Hi Russell, Thank you for your needinfo request. The Installation Guide for Satellite 5.7 is now queued for publication; closing. Kind regards, Andrew
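A triage sketch for the denial described in this report, added here as an example and not part of the bug report or of Satellite's own tooling. It assumes cobblerd runs in the cobblerd_t domain (the report does not name the domain); the audit records are constructed samples and the function names are hypothetical.

```shell
#!/bin/bash
# Added example. Assumption: cobblerd runs in the cobblerd_t SELinux domain.

# Constructed sample audit records (not taken from a real system).
SAMPLE_LOG='type=AVC msg=audit(1450000000.101:501): avc:  denied  { write } for  pid=2101 comm="cobblerd" name="tftpboot" dev=dm-0 ino=131 scontext=system_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:public_content_rw_t:s0 tclass=dir
type=AVC msg=audit(1450000000.202:502): avc:  denied  { read } for  pid=2200 comm="httpd" name="x" dev=dm-0 ino=140 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1450000000.303:503): avc:  denied  { add_name } for  pid=2101 comm="cobblerd" name="default" dev=dm-0 ino=131 scontext=system_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:public_content_rw_t:s0 tclass=dir'

# Print the denied permission of every record in which cobblerd_t was refused
# access to a public_content_rw_t object; unrelated denials are skipped.
cobbler_public_denials() {
    printf '%s\n' "$1" | awk '
        /avc: +denied/ && /scontext=[^ ]*:cobblerd_t:/ &&
        /tcontext=[^ ]*:public_content_rw_t:/ {
            if (match($0, /[{] [^}]* [}]/))
                print substr($0, RSTART + 2, RLENGTH - 4)
        }'
}

# Map the directory type and boolean state to an action.
# $1 = SELinux type of /tftpboot, $2 = cobbler_anon_write state (on|off)
recommend() {
    case "$1:$2" in
        public_content_rw_t:off) echo "setsebool -P cobbler_anon_write on" ;;
        public_content_rw_t:on)  echo "ok: cobbler_anon_write already on" ;;
        tftpdir_t:*)             echo "ok: standard tftpdir_t type" ;;
        *)                       echo "unexpected type: $1" ;;
    esac
}

# Live check; does nothing where the SELinux tools or /tftpboot are absent.
live_check() {
    command -v getsebool >/dev/null 2>&1 && [ -d /tftpboot ] || return 0
    dir_type=$(stat -c %C /tftpboot | cut -d: -f3)
    bool_state=$(getsebool cobbler_anon_write | awk '{print $3}')
    recommend "$dir_type" "$bool_state"
}

cobbler_public_denials "$SAMPLE_LOG"
live_check
```

On a Satellite host, the same filter can be fed real records, for example from `ausearch -m avc`, in place of the constructed sample.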