Quick Links

Making Cobbler work with SElinux on CentOS / RHEL 6

By default, Cobbler will not work properly on a CentOS / RHEL 6 machine with SElinux enabled. The easy way out is to disable SElinux entirely, but I prefer to write a custom policy instead – it is not that difficult.

The basic approach is this:

Use Cobbler as you normally would (you will trigger several SElinux denials, so expect errors)
Extract the relevant SElinux audit messages; convert them into a local policy
Load your local policy
Repeat steps 1..3 until everything works as expected

First attempt: the “cobbler import” command fails; rsync cannot access files on the mounted DVD ISO. Time to start writing a [...]

Continue reading Making Cobbler work with SElinux on CentOS / RHEL 6

December 19th, 2011 | Tags: , , , , | Category: Work | One comment - (Comments are closed)

Tip: Fedora 14 and Dropbox

The current version of Dropbox does not behave nicely on Fedora 14 – the Dropbox update daemon attempts to execute code from stack. This is prohibited by SELinux (and rightly so).

There is a workaround (taken from the Dropbox Support forum):

/usr/bin/execstack -c ~/.dropbox-dist/_ctypes.so

Let’s hope that Dropbox releases a proper fix for this problem soon.

May 2nd, 2011 | Tags: , , , , , | Category: Work | Comments are closed

The trouble with setroubleshootd

Pop quiz: what is wrong with this picture?

top – 17:15:07 up 5 days, 17:35,  1 user,  load average: 3.76, 4.97, 3.18
Tasks: 135 total,   2 running, 133 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.0%us,  0.5%sy,  0.0%ni, 52.3%id, 47.2%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   2097152k total,  2088744k used,     8408k free,     2564k buffers
Swap:  1048568k total,   946156k used,   102412k free,    45548k cached

PID USER      PR  [...]

Continue reading The trouble with setroubleshootd

November 18th, 2010 | Tags: , , | Category: Work | Comments are closed

Configuring SELinux for WordPress

I recently installed WordPress 2.9.2 on my webservers.

Since these servers are obviously connected to the Internet, they run with SELinux enabled. This means that you cannot use the standard FTP functionality in the WordPress admin panel to manage your themes and plugins.

If you configure SELinux properly, you can enjoy the comforts of WordPress without compromising security.

June 23rd, 2010 | Tags: , , | Category: Work | Comments are closed