get ispec working with selinux. http://fedora.redhat.com/docs/selinux-apache-fc3/sn-debugging-and-customizing.html#sn-httpd-booleans documents what needs to be done i think.
SELinux failure symptoms: 1) 'trees' list doesn't get populated in iSpec 2) An 'avc: denied' message appears in /var/log/messages: Jan 13 12:43:13 dhcp59-242 kernel: audit(1105638193.387:0): avc: denied { search } for pid=9625 exe=/usr/bin/perl name=mnt dev=sdb1 ino=392449 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:mnt_t tclass=dir (trees/RHEL4 was a softlink to an NFS-mounted RHEL tree under /mnt) Note that iSpec appears to work fine if the RHEL tree is actually copied to the local disk. It appears that httpd is not allowed to mess around in /mnt or read from nfs or iso9660 filesystems (e.g. NFS-mounted filesystems or loopback mounted iso images under trees/).
Workaround: Mount ISO images or NFS filesystems in directories under /var/www/html/ispec/trees using the mount option 'context=system_u:object_r:httpd_sys_content_t'. This will allow httpd to read from the filesystem. We should add a script to mount a set of ISOs (or an NFS export) with the proper flags.
scripts added
Created attachment 110274 [details] ispec-iso-mount
Created attachment 110275 [details] ispec-nfs-mount
Comment on attachment 110274 [details] ispec-iso-mount Script for mounting ISO images so they can be used by iSpec.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2005-051.html