Bug 144991 - ispec doesn't work with selinux
ispec doesn't work with selinux
Product: Red Hat Ready Certification Tests
Classification: Retired
Component: ispec (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Will Woods
Richard Li
Depends On:
Blocks: 143442
  Show dependency treegraph
Reported: 2005-01-13 10:03 EST by Richard Li
Modified: 2007-04-18 13:18 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-01 10:19:54 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
ispec-iso-mount (2.18 KB, text/plain)
2005-01-26 16:43 EST, Will Woods
no flags Details
ispec-nfs-mount (1.79 KB, text/plain)
2005-01-26 16:44 EST, Will Woods
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2005:051 normal SHIPPED_LIVE Updated Hardware Certification Suite packages 2005-02-01 00:00:00 EST

  None (edit)
Description Richard Li 2005-01-13 10:03:19 EST
get ispec working with selinux.


documents what needs to be done i think.
Comment 1 Will Woods 2005-01-13 13:12:10 EST
SELinux failure symptoms:
1) 'trees' list doesn't get populated in iSpec
2) An 'avc: denied' message appears in /var/log/messages:

Jan 13 12:43:13 dhcp59-242 kernel: audit(1105638193.387:0): avc:  denied  {
search } for  pid=9625 exe=/usr/bin/perl name=mnt dev=sdb1 ino=392449
scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:mnt_t 
(trees/RHEL4 was a softlink to an NFS-mounted RHEL tree under /mnt)

Note that iSpec appears to work fine if the RHEL tree is actually copied to the
local disk. It appears that httpd is not allowed to mess around in /mnt or read
from nfs or iso9660 filesystems (e.g. NFS-mounted filesystems or loopback
mounted iso images under trees/).
Comment 2 Will Woods 2005-01-19 12:28:27 EST

Mount ISO images or NFS filesystems in directories under
/var/www/html/ispec/trees using the mount option
'context=system_u:object_r:httpd_sys_content_t'. This will allow httpd to read
from the filesystem.

We should add a script to mount a set of ISOs (or an NFS export) with the proper
Comment 3 Richard Li 2005-01-21 13:45:05 EST
scripts added
Comment 4 Will Woods 2005-01-26 16:43:38 EST
Created attachment 110274 [details]
Comment 5 Will Woods 2005-01-26 16:44:22 EST
Created attachment 110275 [details]
Comment 6 Will Woods 2005-01-26 16:45:09 EST
Comment on attachment 110274 [details]

Script for mounting ISO images so they can be used by iSpec.
Comment 7 David Lawrence 2005-02-01 10:19:54 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.