Issue #5135: spec: selinux denial during kdcproxy user creation - freeipa

freeipa

#5135 spec: selinux denial during kdcproxy user creation

Closed: Fixed None Opened 8 years ago by tbabej.

We encounter selinux denial while creating the kdcproxy user (step in the specfile). This results into /var/lib/kdcproxy having incorrect permissions:

$ sudo ls -lad /var/lib/kdcproxy
d---------. 2 root root 6 Jul 16 12:35 /var/lib/kdcproxy

tbabej commented 8 years ago

This happens only for new installs (freeipa packages must not be installed previously, kdcproxy user does not exist).

cheimes commented 8 years ago

I'm working on a fix right now.

cheimes commented 8 years ago

[PATCH 012] fixes the issue:

$ ls -lah /var/lib/ | grep kdcproxy
drwx------.  2 kdcproxy kdcproxy 4.0K Jul 16 10:36 kdcproxy

The fix is simple and should be applied to 4.2 and master.

tbabej commented 8 years ago

master:

0700d34 Fix selinux denial during kdcproxy user creation

ipa-4-2:

9c3368a Fix selinux denial during kdcproxy user creation

pvoborni commented 8 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1244802

Metadata Update from @tbabej:
- Issue assigned to cheimes
- Issue set to the milestone: FreeIPA 4.2.1

7 years ago

Metadata

Assignee

cheimes

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.2.1

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1244802

tester

None

changelog

None

design

None

freeipa

Source Code

#5135 spec: selinux denial during kdcproxy user creation Closed: Fixed None Opened 8 years ago by tbabej.

Metadata

#5135 spec: selinux denial during kdcproxy user creation

Closed: Fixed None Opened 8 years ago by tbabej.