SELinux policy fails to mount image folder

  • Re: SELinux Policy
    I was trying to incorporate an SELinux policy on my Fedora 25. Everything seemed to go well when I installed the SELinux policy, no errors. But every time I go to capture an image, it fails to mount the image folder and the capture of the image fails. My setup has the up-to-date FOG through GitHub, and for the image folder I have a secondary drive formatted in NTFS. I am wondering if the NTFS format has anything to do with this problem. The minute I disable SELinux everything works with no problem. I would like to run FOG with SELinux enforcing.

  • @Joe-Schmitt I have no problem with that. Anything to help fog with

  • Senior Developer

    @zacksiga If you’re willing to have your server run SEPermissive for a little bit, I can assist with creating a policy from the collected data, and if it works I’ll update our main repository with the new policy.

  • Sorry for the late reply, I was actually thinking the same thing and I will give that a try and see what happens.

  • Moderator

    This is the best video I know of on the net regarding the subject. You will have to fine-tune SELinux, you can’t use the defaults with fog, they don’t work. If you have luck, please do share your work. Also here’s a thread on the topic:

  • Moderator

    We had a discussion a while ago regarding the firewall settings [] but I don’t think anyone has walked into the selinux area. The easiest answer is to just turn it off.

    But in some environments that isn’t possible. What I would recommend you do is switch selinux into permissive, reboot then run FOG through its paces. Once you have collected the required log entries then run the utility <name missing at the moment> to create a profile for fog. I’m suspecting that the /images directory is missing the flag for nfs connection.

    <edit> not the command I’m thinking of but this will report what selinux is blocking: sealert -a /var/log/audit/audit.log </edit>
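
Added example, not part of the original thread or of the FOG project's code: after running in permissive mode as suggested above, the denials land in the audit log as AVC records, and this Python script groups them by source type, target type and object class so you can see what a policy would have to allow. The log lines are constructed sample data (not from the poster's server), and the function names are this example's own.

```python
import re

# Constructed sample records in audit.log format; NOT taken from the poster's server.
SAMPLE_LOG = """\
type=AVC msg=audit(1490000001.101:310): avc:  denied  { read } for  pid=1402 comm="nfsd" name="images" dev="sdb1" ino=5 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1490000001.140:311): avc:  denied  { read } for  pid=1402 comm="nfsd" name="dev" dev="sdb1" ino=9 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1490000002.007:312): avc:  denied  { write create } for  pid=1402 comm="nfsd" name="d1p1.img" dev="sdb1" ino=0 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1490000002.007:312): arch=c000003e syscall=2 success=yes exit=3
type=AVC msg=audit(1490000003.500:313): avc:  denied  { write } for  pid=2001 comm="httpd" name="tmp.dat" dev="sda1" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+'
    r'tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?'
)

def selinux_type(context):
    """Return the type field (third element) of a user:role:type:level context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Map (source type, target type, class) -> permissions seen and counts."""
    summary = {}
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL, PATH and other record types carry no denial
        m = AVC_RE.search(line)
        if not m:
            continue
        key = (selinux_type(m["scontext"]), selinux_type(m["tcontext"]), m["tclass"])
        entry = summary.setdefault(key, {"perms": set(), "count": 0, "enforced": 0})
        entry["perms"].update(m["perms"].split())
        entry["count"] += 1
        # permissive=0 means the access was actually blocked, not just logged
        if m["permissive"] == "0":
            entry["enforced"] += 1
    return summary

if __name__ == "__main__":
    for (src, tgt, cls), e in sorted(summarize_denials(SAMPLE_LOG).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(e['perms']))} }} "
              f"x{e['count']} (blocked: {e['enforced']})")
```

To use it on a real server, pass the contents of /var/log/audit/audit.log to summarize_denials() instead of SAMPLE_LOG; reading that file normally requires root.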
