[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: kerberos server + enforcing mode?
- From: Daniel J Walsh <dwalsh redhat com>
- To: Robert Story <rstory sparta com>
- Cc: fedora-selinux-list redhat com
- Subject: Re: kerberos server + enforcing mode?
- Date: Mon, 14 Jul 2008 09:07:02 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Daniel J Walsh wrote:
> Robert Story wrote:
>> I'm still getting "modify_principal: Insufficient access to lock
>> database" error messages when trying to use kadmin in enforcing mode.I
>> ran 'semodule -DB' to re-enable don't audit messages, and I've attached
>> what I get when trying to run a kadmin command to add a principal
>> (after starting kadmind/krb5kdc... kadmin.log seems to be ok). Any
>> hint, tips or policy modules greatly appreciated...
>
>
>
>> ------------------------------------------------------------------------
>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list redhat com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> Looks like this one is causing your problem.
>
>
> Looks like the files were created with the wrong labels or kadmin is not
> allowed to create.
>
> restorecon -R -v /var/kerberos
>
> I am fixing the policy to allow the creation of the lock files with the
> correct label.
We are working on this and should have a fix soon. For now you can use
audit2allow to generate custom policy.
- --
fedora-selinux-list mailing list
fedora-selinux-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkh7T3YACgkQrlYvE4MpobM9JACffs3fs+nam6RyGOB+j7XxqwKk
l+wAn0pQjytMbwlWSm83qy/a8TrWxCLY
=rpmB
-----END PGP SIGNATURE-----
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]