https://bugzilla.redhat.com/show_bug.cgi?id=737516
Description of problem: from sectool scan after ipa-server installation: Warning: Mislabeled directory '/var/cache/ipa/sessions' found. Labeled as 'system_u:object_r:var_t:s0', should be 'system_u:object_r:httpd_sys_content_t:s0'. Hint: File is not labeled as defined in configuration. See man restorecon. Warning: Mislabeled directory '/var/cache/ipa/kpasswd' found. Labeled as 'system_u:object_r:var_t:s0', should be 'system_u:object_r:ipa_kpasswd_ccache_t:s0'. Hint: File is not labeled as defined in configuration. See man restorecon. Warning: Mislabeled regular file '/usr/sbin/ipa_kpasswd' found. Labeled as 'system_u:object_r:bin_t:s0', should be 'system_u:object_r:ipa_kpasswd_exec_t:s0'. Hint: File is not labeled as defined in configuration. See man restorecon. Version-Release number of selected component (if applicable): Installed: ipa-server.i686 0:2.1.1-1.el6 How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
attachment freeipa-rcrit-875-selinux.patch
See bug for more details but the problem boils down to a package installation ordering issue. freeipa-server needs to be installed before freeipa-server-selinux. This used to work.
master: 80a4db8
ipa-2-1: 5a778d4
Metadata Update from @dpal: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1.2 (bug fixing)
Login to comment on this ticket.