ISE when creating Kickstart Profiles

Solution Unverified - Updated -

Environment

Red Hat Network (RHN) Satelllite 5.5.0

Issue

  • Creating a kickstart profile on Satellite 5.5 throws an internal server error (ISE)
The server experienced a problem which prevented your request from being filled out. It may not be possible to execute this action at this time.
Please help us correct this problem by contacting us with details of how you received this message.

Resolution

  • The interim solution (workaround) is to turn off selinux during kickstart profile creation.

Root Cause

  • selinux context for kickstart cfg files created in /var/lib/rhn/kickstarts/* do not have the proper selinux context. the context should be spacewalk_data_t and not var_lib_t. restorecon will properly return the context to spacewalk_data_t but the link between Cobbler and Satellite will still be non functional.

Diagnostic Steps

  • view the /var/log/audit/audit.log. Look for error message similar to the following:
ype=AVC msg=audit(1348161485.245:3061): avc:  denied  { getattr } for  pid=25933 comm="cobblerd" path="/var/lib/rhn/kickstarts/wizard/mytest--1.cfg" dev=dm-0 ino=1053811 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
  • view selinux context type for kickstart cfg file in /var/lib/rhn/kickstarts/ directory. If the kickstart profile file has a context of var_lib_t then a selinux denial will occur. selinux context should be spacewalk_data_t

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.