Selinux policy fail to mount image folder
-
Re: SELinux Policy
I was try incorporated selinux policy on my Fedora 25, everything seem to go well when i install the selinux policy, no error. But every time I go to capture image it fail to mount the image folder and capture of image fails. My setup has the upto date fog through github, and for image folder I have as secondary drive format in ntfs. I am wondering if the ntfs format has anything to do with this problem. The minute I disable selinux everything is working with no problem, I would like to run fog with selinux enforcing. -
We had a discussion a while ago regarding the firewall settings [https://forums.fogproject.org/topic/6162/firewall-configuration] but I don’t think anyone has walked into the selinux area. The easiest answer is to just turn it off.
But in some environments that isn’t possible. What I would recommend you do is switch selinux into permissive, reboot then run FOG through its paces. Once you have collected the required log entries then run the utility <name missing a the moment> to create a profile for fog. I’m suspecting that the /images directory is missing the flag for nfs connection.
<edit> not the command I’m thinking of but this will report what selinux is blocking
sealert -a /var/log/audit/audit.log</edit> -
This is the best video I know of on the net regarding the subject. You will have to fine-tune SELinux, you can’t use the defaults with fog, they don’t work. If you have luck, please do share your work. Also here’s a thread on the topic: https://forums.fogproject.org/topic/6154/selinux-policy
-
Sorry for the late reply, I was actually think the same thing and I will give that a try and see what happens.
-
@zacksiga If you’re willing to have your server run SEPermissive for a little bit, I can assist with creating a policy from the collected data, and if it works I’ll update our main repository with the new policy.
-
@Joe-Schmitt I have no problem with that. Anything to help fog with