Issue #1306: ipa-server-install fails on F-15 with enforcing SELinux again - freeipa

freeipa

#1306 ipa-server-install fails on F-15 with enforcing SELinux again

Closed: Invalid None Opened 12 years ago by mkosek.

The selinux problem resolved in #1185 was not solved completely, originally reported AVC reoccurred.

selinux-policy version:

selinux-policy-3.9.16-26.fc15.noarch

audit.log:

...
type=AVC msg=audit(1307533596.416:1211): avc:  denied  { read } for
pid=17544 comm="ns-slapd" name="lock" dev=dm-0 ino=1681
...

audit2allow:

# cat /var/log/audit/audit.log | audit2allow


#============= dirsrv_t ==============
allow dirsrv_t var_t:lnk_file read;

https://bugzilla.redhat.com/show_bug.cgi?id=696819

mkosek commented 12 years ago

The problem was that /var/lock was mislabeled.

# restorecon -R -v /var

fixed the problem.

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.1 - 2011/06

7 years ago

Metadata

Assignee

mkosek

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 2.1 - 2011/06

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=696819

tester

None

changelog

None

design

None

freeipa

Source Code

#1306 ipa-server-install fails on F-15 with enforcing SELinux again Closed: Invalid None Opened 12 years ago by mkosek.

Metadata

#1306 ipa-server-install fails on F-15 with enforcing SELinux again

Closed: Invalid None Opened 12 years ago by mkosek.