SELinux is preventing /usr/bin/python from 'write' accesses on the directory images.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that python should be allowed write access on the images directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep /usr/bin/python /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:system_r:cobblerd_t:s0
Target Context                system_u:object_r:public_content_t:s0
Target Objects                images [ dir ]
Source                        cobblerd
Source Path                   /usr/bin/python
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           python-2.7-8.fc14.1
Target RPM Packages
Policy RPM                    selinux-policy-3.9.7-19.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.10-74.fc14.x86_64 #1 SMP Thu Dec 23 16:04:50 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Mon 10 Jan 2011 12:58:10 PM CST
Last Seen                     Mon 10 Jan 2011 12:58:10 PM CST
Local ID                      e77af41a-ff5c-4554-8bb8-1d972db75981

Raw Audit Messages
type=AVC msg=audit(1294685890.990:222): avc: denied { write } for pid=10148 comm="cobblerd" name="images" dev=dm-0 ino=1056517 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:public_content_t:s0 tclass=dir

cobblerd,cobblerd_t,public_content_t,dir,write

type=SYSCALL msg=audit(1294685890.990:222): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=7fbac801f690 a1=1ed a2=3c25bcbd80 a3=34365f3638782d items=0 ppid=1 pid=10148 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=cobblerd exe=/usr/bin/python subj=unconfined_u:system_r:cobblerd_t:s0 key=(null)

cobblerd,cobblerd_t,public_content_t,dir,write

#============= cobblerd_t ==============
#!!!! The source type 'cobblerd_t' can write to a 'dir' of the following types:
# named_zone_t, cobbler_var_log_t, cobbler_var_lib_t, tmp_t, etc_t, tftpdir_rw_t, rsync_etc_t, cobbler_tmp_t, httpd_cobbler_rw_content_t, var_lib_t, var_log_t, root_t

allow cobblerd_t public_content_t:dir write;

Just wanted to add that this happened while implementing cobbler. Specifically, while importing Fedora 14 x86_64 DVD iso image.
What is the patch to the images directory?
(In reply to comment #2)
> What is the patch to the images directory?

Ah, you got me there. I wouldn't know. Can you guide me in order to provide feedback?
Could you add your output of

# ls -dZ /var/lib/tftpboot/images

# ls -dZ /var/www/cobbler/images

Did you run the "cobbler check" command and set up the "public_content_t" label for the images directory according to these instructions, which the "cobbler check" command showed you?
(In reply to comment #4)
> Could you add your output of
>
> # ls -dZ /var/lib/tftpboot/images
>
> # ls -dZ /var/www/cobbler/images

[renich@jalisco ~]$ ls -dZ /var/lib/tftpboot/images
drwxr-xr-x. root root system_u:object_r:public_content_t:s0 /var/lib/tftpboot/images
[renich@jalisco ~]$ ls -dZ /var/www/cobbler/images
drwxr-xr-x. apache apache system_u:object_r:cobbler_var_lib_t:s0 /var/www/cobbler/images

> Did you run the "cobbler check" command and setup the "public_content_t" label
> for the images directory according these instructions, which the "cobbler
> check" command showed you.

Yes, and I did all it asked; except for the web interface thing... but, anyway, did it all.
Ok, just execute

# restorecon -R -v /var/lib/tftpboot/images

will fix.

*** This bug has been marked as a duplicate of bug 667933 ***
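
Added example, not part of the bug thread and not code from cobbler or setroubleshoot: a Python triage of the raw AVC record in the report, checked against the list of directory types the report says cobblerd_t can already write to. It shows why this denial points at the directory's label (the restorecon fix above) before any audit2allow module is considered; the names parse_avc and triage are hypothetical.

```python
import re

# Raw AVC record copied from the report above.
AVC = ('type=AVC msg=audit(1294685890.990:222): avc: denied { write } for '
       'pid=10148 comm="cobblerd" name="images" dev=dm-0 ino=1056517 '
       'scontext=unconfined_u:system_r:cobblerd_t:s0 '
       'tcontext=system_u:object_r:public_content_t:s0 tclass=dir')

# Directory types the report says cobblerd_t may already write to.
WRITABLE_DIR_TYPES = {
    'named_zone_t', 'cobbler_var_log_t', 'cobbler_var_lib_t', 'tmp_t', 'etc_t',
    'tftpdir_rw_t', 'rsync_etc_t', 'cobbler_tmp_t',
    'httpd_cobbler_rw_content_t', 'var_lib_t', 'var_log_t', 'root_t',
}

DENIED_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Split one AVC denial into its fields plus source/target type names."""
    m = DENIED_RE.search(line)
    if not m:
        raise ValueError('not an AVC denial record')
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    for side in ('scontext', 'tcontext'):
        # Context is user:role:type:level; the level may contain ':' itself.
        parts = rec[side].split(':', 3)
        if len(parts) < 3:
            raise ValueError('malformed %s: %r' % (side, rec[side]))
        rec[side + '_type'] = parts[2]
    return rec

def triage(rec, writable_types):
    """Hypothetical helper: decide what to check first for a dir write denial."""
    if rec['tclass'] != 'dir' or 'write' not in rec['perms']:
        return 'out-of-scope'
    if rec['tcontext_type'] in writable_types:
        # Policy already grants this type; look at constraints or other perms.
        return 'review-policy'
    # Policy grants write elsewhere but not here: suspect the object's label.
    return 'check-label'

if __name__ == '__main__':
    rec = parse_avc(AVC)
    print(rec['scontext_type'], rec['perms'], rec['tcontext_type'], '->',
          triage(rec, WRITABLE_DIR_TYPES))
```

For a 'check-label' result, `restorecon -n -v <path>` reports the label the loaded policy expects for the path without changing anything.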