#2298 need SELinux policy for ipa_memcached service
Closed: Fixed None Opened 12 years ago by jdennis.

We currently have to run in permissive mode with the new session stuff. At a minimum we need to allow memcached to create a UNIX socket file in /var/run/ipa_memcached. We get this AVC otherwise:

type=AVC msg=audit(1327101214.892:696): avc: denied { create } for pid=17659 comm="memcached" name="ipa_memcached" scontext=system_u:system_r:memcached_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file

We may have other SELinux denials to address as well; the development work has been done with SELinux in permissive mode.
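Added example, not part of the original ticket or of FreeIPA's code: a small Python triage script that parses AVC denials like the one quoted above, merges them per source type, target type and class, and flags targets that carry a generic type. The second log record and the `GENERIC_TYPES` list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First record is the AVC from the ticket; the second is constructed sample data.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1327101214.892:696): avc: denied { create } for pid=17659 comm="memcached" name="ipa_memcached" scontext=system_u:system_r:memcached_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1327101215.104:697): avc: denied { write } for pid=17659 comm="memcached" name="ipa_memcached" scontext=system_u:system_r:memcached_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
"""

# Assumption of this example: a denial against one of these catch-all types usually
# points at a missing file context or type transition rather than a missing allow rule.
GENERIC_TYPES = {"var_run_t", "var_lib_t", "var_log_t", "tmp_t", "default_t", "unlabeled_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "name": fields.get("name"),
        "source_type": fields["scontext"].split(":")[2],  # user:role:type:level
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }

def summarize(log_text):
    """Merge denials per (source type, target type, class) and flag generic targets."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            merged[(rec["source_type"], rec["target_type"], rec["tclass"])].update(rec["perms"])
    return [
        {"source": s, "target": t, "class": c, "perms": sorted(p), "generic_target": t in GENERIC_TYPES}
        for (s, t, c), p in sorted(merged.items())
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_AUDIT_LOG):
        print(row)
```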


Closed 2432 as a duplicate of it.

We need to set the boolean httpd_manage_ipa to True to enable this.

In the closed ticket there is a brief discussion of the best place to do this, either use -P and set it during install or set it each time in the service file.

Moving to next month's iteration.

This work was done in ticket 2432.

master: 0425d09

ipa-2-2: faa9b47

Metadata Update from @jdennis:
- Issue assigned to jdennis
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03

7 years ago
