ldap server + enforcing mode?
Stuart Sears
stuart at sjsears.com
Thu Jul 17 22:02:40 UTC 2008
Sending to the list as well. I hate reply-to: :)
Robert Story wrote:
> I'm trying to get ldap (from openldap-servers-2.4.8-6) running in
> enforcing mode on a F9 server. When I try in enforcing mode, it fails.
> I've attached the AVCs from the audit log, for 'service ldap start' in
> enforcing and permissive mode (with don't audit disabled), along with
> the avcs after the first round were passed through audit2allow and
> loaded. After those are added and loaded, it starts up fine with no
> AVCs...
What exactly did audit2allow tell you to add?
From the AVCs this looks like a mislabelled cert -
/etc/openldap/cacerts/cacert.pem
which is labelled as user_tmp_t.
What is reported by this:
# restorecon -Rnv /etc/openldap/cacerts
The CA certificate you have there wasn't moved from /tmp by any chance?
Stuart
--
Stuart Sears RHCA etc.
"It's today!" said Piglet.
"My favourite day," said Pooh.
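The check suggested in the reply above (look at the target label in the AVCs before loading audit2allow output), as an added example that is not part of the original message. The AVC records are constructed samples, and the list of "carried over" types is an assumption made for the example.

```python
import os
import re

# Constructed sample AVC records in audit.log format (not taken from the thread).
SAMPLE_AVCS = """\
type=AVC msg=audit(1216331000.101:41): avc:  denied  { read } for  pid=2301 comm="slapd" name="cacert.pem" dev=dm-0 ino=98311 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1216331000.101:42): avc:  denied  { getattr } for  pid=2301 comm="slapd" path="/etc/openldap/cacerts/cacert.pem" dev=dm-0 ino=98311 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1216331002.007:43): avc:  denied  { name_bind } for  pid=2301 comm="slapd" src=3389 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
"""

# Assumption for this example: types a file usually carries when it was moved
# (mv keeps the source label) out of a temp or home directory.
CARRIED_OVER_TYPES = {"user_tmp_t", "tmp_t", "user_home_t", "admin_home_t"}
FILE_CLASSES = {"file", "dir", "lnk_file"}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{([^}]*)\}")

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    perms = PERMS.search(line)
    if "avc:" not in line or "denied" not in line or perms is None:
        return None
    f = {k: v.strip('"') for k, v in FIELD.findall(line)}
    if not {"scontext", "tcontext", "tclass"} <= f.keys():
        return None
    return {"perms": set(perms.group(1).split()), "comm": f.get("comm"),
            "path": f.get("path"), "ino": f.get("ino"), "tclass": f["tclass"],
            "stype": f["scontext"].split(":")[2],   # user:role:type:level
            "ttype": f["tcontext"].split(":")[2]}

def triage(text):
    """Merge denials per target object and flag likely mislabelled files."""
    found = {}
    for rec in filter(None, map(parse_avc, text.splitlines())):
        key = (rec["tclass"], rec["ttype"], rec["ino"])
        entry = found.setdefault(key, {"path": None, "perms": set(),
                                       "ttype": rec["ttype"], "tclass": rec["tclass"]})
        entry["perms"] |= rec["perms"]
        entry["path"] = rec["path"] or entry["path"]
        entry["mislabel"] = (rec["tclass"] in FILE_CLASSES
                             and rec["ttype"] in CARRIED_OVER_TYPES)
    return list(found.values())

if __name__ == "__main__":
    for e in triage(SAMPLE_AVCS):
        if e["mislabel"] and e["path"]:
            print(f"{e['path']} is {e['ttype']}: preview the fix with "
                  f"restorecon -Rnv {os.path.dirname(e['path'])}")
        else:
            print(f"{e['tclass']} {e['ttype']} {sorted(e['perms'])}: review before adding policy")
```

Denials flagged as mislabelled are candidates for relabelling rather than for new allow rules, since a rule letting slapd_t read user_tmp_t would apply to every file with that type.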