Summary: SELinux is preventing /usr/bin/python "read" access on cobbler. Detailed Description: SELinux denied access requested by cobblerd. It is not expected that this access is required by cobblerd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:cobblerd_t:s0 Target Context system_u:object_r:httpd_cobbler_content_t:s0 Target Objects cobbler [ dir ] Source cobblerd Source Path /usr/bin/python Port <Unknown> Host (removed) Source RPM Packages python-2.7-8.fc14.1 Target RPM Packages Policy RPM selinux-policy-3.9.7-1.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.35.6-43.fc14.x86_64 #1 SMP Wed Oct 13 21:23:02 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Fri 15 Oct 2010 10:16:17 AM EDT Last Seen Fri 15 Oct 2010 10:16:17 AM EDT Local ID 946734ed-9f14-45c4-b83e-a3ce99ad3ca3 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1287152177.362:64830): avc: denied { read } for pid=3459 comm="cobblerd" name="cobbler" dev=dm-12 ino=917901 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:httpd_cobbler_content_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1287152177.362:64830): arch=c000003e syscall=2 success=no exit=-13 a0=7f31040034a0 a1=90800 a2=0 a3=206562207473756d items=0 ppid=1 pid=3459 auid=3633 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="cobblerd" exe="/usr/bin/python" subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) Hash String generated from catchall,cobblerd,cobblerd_t,httpd_cobbler_content_t,dir,read audit2allow suggests: #============= cobblerd_t ============== allow cobblerd_t httpd_cobbler_content_t:dir read;
Fixed in selinux-policy-3.9.7-3.fc14
selinux-policy-3.9.7-3.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-3.fc14
selinux-policy-3.9.7-3.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-3.fc14
selinux-policy-3.9.7-3.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.