[Spacewalk-list] Problem starting cobbler in CentOS 6.3

Jan Hutař jhutar at redhat.com
Thu Aug 9 13:30:10 UTC 2012 

On Thu, 9 Aug 2012 15:15:13 +0200 Registros Web
<registros.web at gmail.com> wrote:

> Hi all,
> 
> This is what I've been getting when trying to start cobbler in
> CentOS 6.3:
> 
> [root]# /etc/init.d/cobblerd start
> Starting cobbler daemon: Traceback (most recent call last):
>   File "/usr/bin/cobblerd", line 76, in main
>     api = cobbler_api.BootAPI(is_cobblerd=True)
>   File "/usr/lib/python2.6/site-packages/cobbler/api.py", line
> 127, in __init__ module_loader.load_modules()
>   File
> "/usr/lib/python2.6/site-packages/cobbler/module_loader.py",
> line 62, in load_modules blip =  __import__("modules.%s" %
> ( modname), globals(), locals(), [modname])
>   File
> "/usr/lib/python2.6/site-packages/cobbler/modules/authn_pam.py",
> line 53, in <module> from ctypes import CDLL, POINTER,
> Structure, CFUNCTYPE, cast, pointer, sizeof
>   File "/usr/lib64/python2.6/ctypes/__init__.py", line 546, in
> <module> CFUNCTYPE(c_int)(lambda: None)
> MemoryError
>                                                            [  OK  ]

It is this:

https://bugzilla.redhat.com/show_bug.cgi?id=838898

Regards,
Jan



> [root]# /etc/init.d/cobblerd status
> cobblerd dead but subsys locked
> 
> 
> Looking for errors in SELinux, I found this:
> 
> --------------------------------------------------------------------------------
> SELinux is preventing /usr/bin/python from search access on the
> directory /dev/shm.
> 
> *****  Plugin catchall (100. confidence) suggests
> *************************** If you believe that python should
> be allowed search access on the shm directory by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep cobblerd /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> --------------------------------------------------------------------------------
> SELinux is preventing /usr/bin/python from execute access on
> the file /tmp/ffiS9Yrsn (deleted).
> 
> *****  Plugin catchall (100. confidence) suggests
> *************************** If you believe that python should
> be allowed execute access on the ffiS9Yrsn (deleted) file by
> default. Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep cobblerd /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> --------------------------------------------------------------------------------
> 
> I then put selinux in permissive mode and cobbler worked like
> a charm:
> 
> [root]# /etc/init.d/cobblerd restart
> Stopping cobbler daemon:
> [  OK  ] Starting cobbler
> daemon:                                   [  OK  ]
> 
> 
> Searching the net for the problem, i found this thread:
> http://www.mail-archive.com/cobbler@lists.fedorahosted.org/msg07650.html.
> 
> Seems the trouble comes with cobbler package 2.2.3 and not with
> previous versions.
> 
> The workaround given in the thread is to:
> 
> 1.- Do the audit2allow thing: grep
> cobblerd /var/log/audit/audit.log | audit2allow -M mypol &&
> semodule -i mypol.pp
> 
> 2.- Move (or remove) these files:
> /usr/lib/python2.6/site-packages/cobbler/modules/authn_pam.py
> /usr/lib/python2.6/site-packages/cobbler/modules/authn_pam.pyc
> /usr/lib/python2.6/site-packages/cobbler/modules/authn_pam.pyo
> 
> 
> And so I did and now cobbler starts fine with SELinux in
> enforcing mode.
> 
> I am posting all this in case someone have the same problem,
> and to ask a couple of questions about the workaround:
> 
> - does the 'audit2allow' thing survive a reboot?, is is
> something safe to do?
> - I understand the deleted files (authn_pam) relate to pam and
> since I'm not using it on spacewalk there is no problem
> removing them, right?
> 
> 
> Cheers!
> Fred.
> 
> 
> “Free software” is a matter of liberty, not price. To
> understand the concept, you should think of “free” as in “free
> speech”, not as in “free beer”.
> 
> Free software is a matter of the users' freedom to run, copy,
> distribute, study, change and improve the software.
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list


-- 
Jan Hutar     Systems Management QA
jhutar at redhat.com     Red Hat, Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20120809/d22fb72e/attachment.sig>

More information about the Spacewalk-list mailing list