[Spacewalk-list] Spacewalk with enforced SELINUX

Pierre Casenove pcasenove at gmail.com
Wed Mar 12 14:18:10 UTC 2014 

Hello,
I still have one last question on SELINUX context.
As /data/satellite, which is my mount point, is a NFS exported filesystem,
what do I have to do?
- Only set spacewalk_nfs_mountpoint selinux boolean
- Set the boolean and mount the filesystem with the "context" option *mount
-t nfs -o context=**system_u:object_r:spacewalk_data_t** server:/shared/foo
/mnt/foo*
- Run restorecon on /data/satellite?

I'm a bit lost on selinux and NFS...

Pierre

2013-09-11 16:51 GMT+02:00 Pierre Casenove <pcasenove at gmail.com>:

> Thanks a lot for your hel^p
>
> Pierre
>
>
> 2013/9/11 Maria Iano <maria at purplecoffee.com>
>
>> On Wed, Sep 11, 2013 at 03:44:08PM +0200, Pierre Casenove wrote:
>> > Hello,
>> > My spacewalk server is currently running on RHEL 5 x64. I'm currently
>> > considering the migration under RHEL 6 x64.
>> > The big modification between rhel 5 and rhel 6 in our setup is that we
>> > activate SELINUX in enforcing mode in rhel 6.
>> > I know that spacewlak is running well with SELINUX in enforcing mode
>> but we
>> > modify 2 parameters from the standard installation:
>> > - mount_point is set to /data/satellite instead of default
>> /var/satellite.
>> > What selinux context should I apply on this folder (and subfolders)?
>> > - /data/satellite is in fact a NFS mount. Are there SELINUX booleans to
>> > activate to have spacewalk work using a NFS mount?
>> >
>>
>> Take a look at the files in /etc/selinux/targeted/contexts/files to see
>> what the contexts are for the standard location, or use matchpathcon.
>> That will tell you what to use in your non-standard location.
>>
>> If you use the -C flag with sesearch it will tell you what boolean is
>> involved.
>>
>> Finally, make sure you have the setroubleshoot package installed to get
>> alerts with helpful information when selinux blocks something.
>>
>> Maria
>>
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20140312/12a89cd7/attachment.htm>

More information about the Spacewalk-list mailing list