Looks like some work is needed on SELinux policy for cobbler. Running 'cobbler check' produces the following AVCs:

type=AVC msg=audit(1214999652.615:31): avc: denied { append } for pid=3868 comm="iptables" path="/var/log/cobbler/cobbler.log" dev=md0 ino=7766578 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1214999652.615:31): avc: denied { append } for pid=3868 comm="iptables" path="/var/log/cobbler/cobbler.log" dev=md0 ino=7766578 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1214999652.615:31): arch=c000003e syscall=59 success=yes exit=0 a0=c46780 a1=c003c0 a2=c03b20 a3=8 items=0 ppid=3858 pid=3868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="iptables" exe="/sbin/iptables" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1214999652.619:32): avc: denied { append } for pid=3869 comm="iptables" path="/var/log/cobbler/cobbler.log" dev=md0 ino=7766578 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1214999652.619:32): avc: denied { append } for pid=3869 comm="iptables" path="/var/log/cobbler/cobbler.log" dev=md0 ino=7766578 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1214999652.619:32): arch=c000003e syscall=59 success=yes exit=0 a0=c467a0 a1=c003c0 a2=c03b20 a3=8 items=0 ppid=3858 pid=3869 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="iptables" exe="/sbin/iptables" subj=unconfined_u:system_r:iptables_t:s0 key=(null)

This AVC has already been fixed in current rawhide, although I just made a much more global change to allow all system apps and user apps to append to any log file, eliminating a whole host of these AVCs. Now that we have the open perms check, we can start to mimic more of the way Unix actually works and stop getting stupid AVC messages.

Fixed in selinux-policy-3.4.2-10.fc10
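
Added example, not part of the bug report or of the selinux-policy project: a small triage script that collapses the duplicated AVC records quoted in the report into one row per denied rule and pairs each row with the syscall from the SYSCALL record of the same audit event. The function names and the one-entry syscall table are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Records taken from the report above; SYSCALL lines trimmed to the fields used.
SAMPLE = """\
type=AVC msg=audit(1214999652.615:31): avc: denied { append } for pid=3868 comm="iptables" path="/var/log/cobbler/cobbler.log" dev=md0 ino=7766578 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1214999652.615:31): avc: denied { append } for pid=3868 comm="iptables" path="/var/log/cobbler/cobbler.log" dev=md0 ino=7766578 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1214999652.615:31): arch=c000003e syscall=59 success=yes exit=0 pid=3868 comm="iptables" exe="/sbin/iptables"
type=AVC msg=audit(1214999652.619:32): avc: denied { append } for pid=3869 comm="iptables" path="/var/log/cobbler/cobbler.log" dev=md0 ino=7766578 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1214999652.619:32): arch=c000003e syscall=59 success=yes exit=0 pid=3869 comm="iptables" exe="/sbin/iptables"
"""

EVENT = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\):")
AVC = re.compile(r"denied\s+\{([^}]*)\}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)")
SYSCALL_NAMES = {"59": "execve"}  # x86_64 (arch=c000003e); only the number in the report

def se_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize(text):
    """Group AVC denials by (source type, target type, class, perm)."""
    syscall_by_event = {}
    events_by_rule = defaultdict(set)  # a set drops the duplicated AVC lines
    for line in text.splitlines():
        ev = EVENT.search(line)
        if not ev:
            continue
        rtype, event_id = ev.groups()
        if rtype == "SYSCALL":
            num = re.search(r"\bsyscall=(\d+)", line)
            if num:
                syscall_by_event[event_id] = num.group(1)
        elif rtype == "AVC" and (m := AVC.search(line)):
            perms, scon, tcon, tclass = m.groups()
            for perm in perms.split():
                events_by_rule[(se_type(scon), se_type(tcon), tclass, perm)].add(event_id)
    out = []
    for rule, events in sorted(events_by_rule.items()):
        nums = {syscall_by_event.get(e, "?") for e in events}
        out.append({"rule": rule, "events": len(events),
                    "syscalls": sorted(SYSCALL_NAMES.get(n, n) for n in nums)})
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On the report's records this yields a single rule, iptables_t appending to a var_log_t file, seen in two audit events that were both logged at execve of /sbin/iptables.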