Description of problem: When running cobbler sync with the latest cobbler 2.2, it fails with AVC denials. The cause is very similar as the bug 813206, this time for directory /var/www/cobbler/images. Version-Release number of selected component (if applicable): # rpm -q cobbler cobbler-2.2.1-1.el6.noarch How reproducible: Deterministic. Steps to Reproduce: 1. Have Spacewalk nightly installed, have some kickstarts defined. 2. Workaround bug 813206, bug 816596, and bug 816834. 3. Run cobbler sync. Actual results: # cobbler sync task started: 2012-04-27_024830_sync task started (id=Sync, time=Fri Apr 27 02:48:30 2012) running pre-sync triggers cleaning trees removing: /var/lib/tftpboot/pxelinux.cfg/default removing: /var/lib/tftpboot/grub/efidefault removing: /var/lib/tftpboot/grub/images removing: /var/lib/tftpboot/images/ks-nfs-channel-vxuxv-17071:1:SpacewalkDefaultOrganization removing: /var/lib/tftpboot/images/ks-local-channel-vxuxv-17071:1:SpacewalkDefaultOrganization removing: /var/lib/tftpboot/images/ks-distro-test-i386-1:1:SpacewalkDefaultOrganization removing: /var/lib/tftpboot/images/ks-bug493176-13001:1:SpacewalkDefaultOrganization removing: /var/lib/tftpboot/images/ks-local-parent-yuyxq:1:SpacewalkDefaultOrganization removing: /var/lib/tftpboot/s390x/profile_list copying bootloaders copying: /usr/share/syslinux/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0 copying: /usr/share/syslinux/menu.c32 -> /var/lib/tftpboot/menu.c32 copying: /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk copying distros to tftpboot copying files for distro: ks-local-channel-vxuxv-17071:1:SpacewalkDefaultOrganization trying hardlink /tmp/tmp.8ZT7H4v9AO/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/ks-local-channel-vxuxv-17071:1:SpacewalkDefaultOrganization/vmlinuz trying hardlink /tmp/tmp.8ZT7H4v9AO/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/ks-local-channel-vxuxv-17071:1:SpacewalkDefaultOrganization/initrd.img copying files for distro: ks-local-parent-yuyxq:1:SpacewalkDefaultOrganization trying hardlink /tmp/tmp.cgbKvpWAz7/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/ks-local-parent-yuyxq:1:SpacewalkDefaultOrganization/vmlinuz trying hardlink /tmp/tmp.cgbKvpWAz7/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/ks-local-parent-yuyxq:1:SpacewalkDefaultOrganization/initrd.img copying files for distro: ks-bug493176-13001:1:SpacewalkDefaultOrganization trying hardlink /tmp/tmp.OdDWNF3wfU/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/ks-bug493176-13001:1:SpacewalkDefaultOrganization/vmlinuz trying hardlink /tmp/tmp.OdDWNF3wfU/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/ks-bug493176-13001:1:SpacewalkDefaultOrganization/initrd.img copying images generating PXE configuration files generating PXE menu structure copying files for distro: ks-local-channel-vxuxv-17071:1:SpacewalkDefaultOrganization Exception occured: <type 'exceptions.TypeError'> Exception value: not all arguments converted during string formatting Exception Info: File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 93, in run rc = self._run(self) File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 188, in runner return self.remote.api.sync(self.options.get("verbose",False),logger=self.logger) File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 701, in sync return sync.run() File "/usr/lib/python2.6/site-packages/cobbler/action_sync.py", line 123, in run self.settings.webdir,True) File "/usr/lib/python2.6/site-packages/cobbler/pxegen.py", line 146, in copy_single_distro_files utils.mkdir(distro_dir) File "/usr/lib/python2.6/site-packages/cobbler/utils.py", line 1285, in mkdir raise CX(_("Error creating") % path) !!! TASK FAILED !!! AVC denial type=AVC msg=audit(1335509289.696:1228): avc: denied { search } for pid=26159 comm="cobblerd" name="" dev=0:14 ino=29290906 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir Expected results: No error. Additional info: When run in permissive, the AVC denials are type=AVC msg=audit(1335509311.700:1229): avc: denied { write } for pid=26360 comm="cobblerd" name="cobbler" dev=dm-0 ino=1582844 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:httpd_cobbler_content_t:s0 tclass=dir type=AVC msg=audit(1335509720.611:1237): avc: denied { write } for pid=29663 comm="cobblerd" name="cobbler" dev=dm-0 ino=1582844 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:httpd_cobbler_content_t:s0 tclass=dir type=AVC msg=audit(1335509720.611:1237): avc: denied { add_name } for pid=29663 comm="cobblerd" name="images" scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:httpd_cobbler_content_t:s0 tclass=dir type=AVC msg=audit(1335509720.611:1237): avc: denied { create } for pid=29663 comm="cobblerd" name="images" scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:httpd_cobbler_content_t:s0 tclass=dir type=AVC msg=audit(1335509720.619:1238): avc: denied { write } for pid=29663 comm="cobblerd" name="images" dev=dm-0 ino=1583104 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:httpd_cobbler_content_t:s0 tclass=dir type=AVC msg=audit(1335509720.619:1238): avc: denied { add_name } for pid=29663 comm="cobblerd" name="ks-local-channel-vxuxv-17071:1:SpacewalkDefaultOrganization" scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:httpd_cobbler_content_t:s0 tclass=dir So the problem is indeed with the /var/www/cobbler/images directory missing from the cobbler-2.2 rpm, which is a regression against cobbler 2.0. With bug 813206, bug 816596, bug 816834, and now this one, isn't it time to revert to cobbler 2.0 in EPEL ASAP?
Fixed along with the missing "rendered" directory in the current master branch, will be released in version 2.2.3: https://github.com/cobbler/cobbler/pull/182