ldap server + enforcing mode?

Stuart Sears stuart at sjsears.com
Thu Jul 17 22:02:40 UTC 2008


Sending to the list as well. I hate reply-to: :)

Robert Story wrote:
> I'm trying to get ldap (from openldap-servers-2.4.8-6) running in
> enforcing mode on a F9 server. When I try in enforcing mode, it fails.
> I've attached the AVCs from the audit log, for 'service ldap start' in
> enforcing and permissive mode (with don't audit disabled), along with
> the avcs after the first round were passed through audit2allow and
> loaded. After those are added and loaded, it starts up fine with no
> AVCs...

what exactly did audit2allow tell you to add?

From the AVCs this looks like a mislabelled cert -
/etc/openldap/cacerts/cacert.pem
which is labelled as user_tmp_t

what is reported by this:
# restorecon -Rnv /etc/openldap/cacerts

The CA certificate you have there wasn't moved from /tmp by any chance?


Stuart
-- 
Stuart Sears RHCA etc.
"It's today!" said Piglet.
"My favourite day," said Pooh.
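
An added example, not part of the original thread: a Python sketch that scans AVC denials for the pattern diagnosed above, a file carrying a /tmp type (`user_tmp_t`) at a path outside /tmp, and proposes the dry-run `restorecon -Rnv` check instead of an audit2allow rule. The audit records are constructed samples, and the function names `parse_avc` and `mislabel_suspects` are hypothetical.

```python
import os
import re

# Constructed AVC records in audit.log format (not the AVCs attached to the thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1216331000.101:41): avc:  denied  { read } for  pid=2345 comm="slapd" name="cacert.pem" dev=dm-0 ino=98311 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1216331000.101:42): avc:  denied  { getattr } for  pid=2345 comm="slapd" path="/etc/openldap/cacerts/cacert.pem" dev=dm-0 ino=98311 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1216331000.205:43): avc:  denied  { name_bind } for  pid=2345 comm="slapd" src=3890 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1216331000.310:44): avc:  denied  { read } for  pid=2345 comm="slapd" path="/tmp/scratch.ldif" dev=dm-0 ino=4711 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
TMP_TYPES = {"tmp_t", "user_tmp_t"}   # types files receive when created under /tmp
TMP_DIRS = ("/tmp/", "/var/tmp/")


def parse_avc(line):
    """Return the denial's permissions and key=value fields, or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    fields["perms"] = m.group("perms").split()
    return fields


def mislabel_suspects(log_text):
    """Group denials on tmp-typed files by (dev, inode); paths really under /tmp are skipped."""
    suspects = {}
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if not avc or avc.get("tclass") not in ("file", "dir", "lnk_file"):
            continue
        ttype = avc["tcontext"].split(":")[2]   # user:role:type:level
        path = avc.get("path", "")              # some records carry only name=
        if ttype not in TMP_TYPES or path.startswith(TMP_DIRS):
            continue
        entry = suspects.setdefault((avc.get("dev"), avc.get("ino")),
                                    {"type": ttype, "comm": avc.get("comm"),
                                     "path": None, "perms": set()})
        entry["perms"].update(avc["perms"])
        entry["path"] = path or entry["path"]
    for entry in suspects.values():
        if entry["path"]:  # dry-run relabel check for the containing directory
            entry["check"] = "restorecon -Rnv " + os.path.dirname(entry["path"])
    return suspects
```
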



