Description of problem: type=AVC msg=audit(1295447557.479:1884): avc: denied { read } for pid=22205 comm="httpd" name="power" dev=dm-2 ino=732899 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cobbler_etc_t:s0 tclass=dir type=SYSCALL msg=audit(1295447557.479:1884): arch=c000003e syscall=2 success=no exit=-13 a0=7f6eaae68420 a1=90800 a2=0 a3=206562207473756d items=0 ppid=3410 pid=22205 auid=502 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null) # restorecon -Rv /etc/cobbler (produces no output) Version-Release number of selected component (if applicable): cobbler-2.0.10-1.fc14.noarch selinux-policy-3.9.7-20.fc14.noarch selinux-policy-targeted-3.9.7-20.fc14.noarch How reproducible: Always Steps to Reproduce: 1. Start cobblerd. 2. Attempt to login to cobbler via web interface. 3. Additional info: I've created a custom policy to allow this read.
Not sure why apache is trying to read this directory? But I would guess this is ok.
The first two bugs look like we have marked them as fixed in policy. We rely on the cobbler maintainers to make sure SELinux does not break when they update. We can not know what is going to break and try to react as fast as possible.
We have in policy cobbler_list_config(httpd_t) But we have a bug in this interface. Fixed in selinux-policy-3.9.7-23.fc14
selinux-policy-3.9.7-25.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-25.fc14
selinux-policy-3.9.7-25.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-25.fc14
selinux-policy-3.9.7-25.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.