Description of problem: type=AVC msg=audit(1295448077.536:1970): avc: denied { read } for pid=22566 comm="cobblerd" name="images" dev=dm-2 ino=327782 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:tftpdir_rw_t:s0 tclass=lnk_file type=SYSCALL msg=audit(1295448077.536:1970): arch=c000003e syscall=4 success=no exit=-13 a0=1bd8350 a1=7fff693e35c0 a2=7fff693e35c0 a3=62696c2f7261762f items=0 ppid=22565 pid=22566 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=270 comm="cobblerd" exe="/usr/bin/python" subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) # restorecon -Rv /var/lib/tftpboot/grub/images (produces no output) Version-Release number of selected component (if applicable): cobbler-2.0.10-1.fc14.noarch selinux-policy-3.9.7-20.fc14.noarch selinux-policy-targeted-3.9.7-20.fc14.noarch How reproducible: Always Steps to Reproduce: 1. Upgrade from Fedora 13 (working) to Fedora 14 (not working) 2. Start cobblerd service. Actual results: cobblerd will not start. Expected results: cobblerd started. Additional info: I created a custom policy to allow this access. cobblerd starts successfully.
Looks like the labeling is in selinux-policy-3.9.7-22.fc14 yum -y update selinux-policy-targeted --enablerepo=updates-testing
(In reply to comment #1) > Looks like the labeling is in selinux-policy-3.9.7-22.fc14 > > yum -y update selinux-policy-targeted --enablerepo=updates-testing Unfortunately this update is not in updates-testing just yet (and not even in Bodhi).
Yes. You can install the latest build from koji for now http://koji.fedoraproject.org/koji/buildinfo?buildID=214872
This was fixed a while back.