Description of problem: see steps to reproduce Version-Release number of selected component (if applicable): Spacewalk 1.3 nightly How reproducible: always Steps to Reproduce: 1. setenforce 1 2. install SW on Pg (probably not required) 3. wait till Cobbler Sync task from taskomatic start Actual results: In /var/log/cobbler/cobbler.log Tue Jan 11 05:18:03 2011 - INFO | Exception occured: <class 'cobbler.cexceptions.CX'> Tue Jan 11 05:18:03 2011 - INFO | Exception value: 'kernel not found: /var/satellite/rhn/kickstart/ks-rhel-i386-server-5/images/pxeboot/vmlinuz' Tue Jan 11 05:18:03 2011 - INFO | Exception Info: File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 1759, in _dispatch return method_handle(*params) File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 761, in modify_distro return self.modify_item("distro",object_id,attribute,arg,token) File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 758, in modify_item return method(arg) File "/usr/lib/python2.6/site-packages/cobbler/item_distro.py", line 160, in set_kernel raise CX("kernel not found: %s" % kernel) And in /var/log/audit/audit.log: type=AVC msg=audit(1294745160.620:35470): avc: denied { search } for pid=29651 comm="cobblerd" name="satellite" dev=dm-0 ino=2111208 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:spacewalk_data_t:s0 tclass=dir type=AVC msg=audit(1294745160.620:35470): avc: denied { search } for pid=29651 comm="cobblerd" name="rhn" dev=dm-0 ino=2112280 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:spacewalk_data_t:s0 tclass=dir type=AVC msg=audit(1294745160.620:35470): avc: denied { getattr } for pid=29651 comm="cobblerd" path="/var/satellite/rhn/kickstart/ks-rhel-i386-server-5/images/pxeboot/vmlinuz" dev=dm-0 ino=2364646 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:spacewalk_data_t:s0 tclass=file type=SYSCALL msg=audit(1294745160.620:35470): arch=c000003e syscall=4 success=yes exit=0 a0=7f8a5000a090 a1=7f8a5e600a10 a2=7f8a5e600a10 a3=6d762f746f6f6265 items=0 ppid=1 pid=29651 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="cobblerd" exe="/usr/bin/python" subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) type=AVC msg=audit(1294745160.663:35471): avc: denied { getattr } for pid=29654 comm="cobblerd" path="/var/satellite" dev=dm-0 ino=2111208 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:spacewalk_data_t:s0 tclass=dir type=SYSCALL msg=audit(1294745160.663:35471): arch=c000003e syscall=6 success=yes exit=0 a0=7f8a5800c4c0 a1=7f8a5f000f70 a2=7f8a5f000f70 a3=20 items=0 ppid=1 pid=29654 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="cobblerd" exe="/usr/bin/python" subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) type=AVC msg=audit(1294745160.663:35472): avc: denied { getattr } for pid=29654 comm="cobblerd" path="/var/satellite/rhn" dev=dm-0 ino=2112280 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:spacewalk_data_t:s0 tclass=dir type=SYSCALL msg=audit(1294745160.663:35472): arch=c000003e syscall=6 success=yes exit=0 a0=7f8a5800c4c0 a1=7f8a5f000f70 a2=7f8a5f000f70 a3=20 items=0 ppid=1 pid=29654 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="cobblerd" exe="/usr/bin/python" subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) type=AVC msg=audit(1294745160.668:35473): avc: denied { link } for pid=29654 comm="cobblerd" name="vmlinuz" dev=dm-0 ino=2364646 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:spacewalk_data_t:s0 tclass=file type=SYSCALL msg=audit(1294745160.668:35473): arch=c000003e syscall=86 success=yes exit=0 a0=7f8a580040a0 a1=7f8a58025f20 a2=32807b27e0 a3=3833692d6c656872 items=0 ppid=1 pid=29654 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="cobblerd" exe="/usr/bin/python" subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) Expected results: no errors with selinux enabled Additional info:
We did not have time for this one during Spacewalk 1.4 time frame. Mass moving to Spacewalk 1.5.
Aligning under space16.
This bug has been fixed in Spacewalk 1.5 by commit 121140517b765134eeb56caff84fdbb88247ccf3 702274 - allow cobblerd_t to read spacewalk_data_t