[Spacewalk-list] Problem starting cobbler in CentOS 6.3
Registros Web
registros.web at gmail.com
Thu Aug 9 13:15:13 UTC 2012
Hi all,
This is what I've been getting when trying to start cobbler in CentOS 6.3:
[root]# /etc/init.d/cobblerd start
Starting cobbler daemon: Traceback (most recent call last):
File "/usr/bin/cobblerd", line 76, in main
api = cobbler_api.BootAPI(is_cobblerd=True)
File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 127, in __init__
module_loader.load_modules()
File "/usr/lib/python2.6/site-packages/cobbler/module_loader.py",
line 62, in load_modules
blip = __import__("modules.%s" % ( modname), globals(), locals(),
[modname])
File "/usr/lib/python2.6/site-packages/cobbler/modules/authn_pam.py",
line 53, in <module>
from ctypes import CDLL, POINTER, Structure, CFUNCTYPE, cast,
pointer, sizeof
File "/usr/lib64/python2.6/ctypes/__init__.py", line 546, in <module>
CFUNCTYPE(c_int)(lambda: None)
MemoryError
[ OK ]
[root]# /etc/init.d/cobblerd status
cobblerd dead but subsys locked
Looking for errors in SELinux, I found this:
--------------------------------------------------------------------------------
SELinux is preventing /usr/bin/python from search access on the
directory /dev/shm.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that python should be allowed search access on the shm
directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep cobblerd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
--------------------------------------------------------------------------------
SELinux is preventing /usr/bin/python from execute access on the file
/tmp/ffiS9Yrsn (deleted).
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that python should be allowed execute access on the
ffiS9Yrsn (deleted) file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep cobblerd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
--------------------------------------------------------------------------------
I then put selinux in permissive mode and cobbler worked like a charm:
[root]# /etc/init.d/cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]
Searching the net for the problem, i found this thread:
http://www.mail-archive.com/cobbler@lists.fedorahosted.org/msg07650.html.
Seems the trouble comes with cobbler package 2.2.3 and not with
previous versions.
The workaround given in the thread is to:
1.- Do the audit2allow thing: grep cobblerd /var/log/audit/audit.log |
audit2allow -M mypol && semodule -i mypol.pp
2.- Move (or remove) these files:
/usr/lib/python2.6/site-packages/cobbler/modules/authn_pam.py
/usr/lib/python2.6/site-packages/cobbler/modules/authn_pam.pyc
/usr/lib/python2.6/site-packages/cobbler/modules/authn_pam.pyo
And so I did and now cobbler starts fine with SELinux in enforcing mode.
I am posting all this in case someone have the same problem, and to
ask a couple of questions about the workaround:
- does the 'audit2allow' thing survive a reboot?, is is something safe to do?
- I understand the deleted files (authn_pam) relate to pam and since
I'm not using it on spacewalk there is no problem removing them,
right?
Cheers!
Fred.
“Free software” is a matter of liberty, not price. To understand the
concept, you should think of “free” as in “free speech”, not as in
“free beer”.
Free software is a matter of the users' freedom to run, copy,
distribute, study, change and improve the software.
More information about the Spacewalk-list
mailing list