[Freeipa-users] installation fails
Jimmy
g17jimmy at gmail.com
Fri Sep 9 17:44:13 UTC 2011
It's been about 20 mins since I ran the install and did so with SELinux
disabled. I ran the command you suggested, but with 'today' as the argument
instead of 'recent'. This is the output:
ausearch -m avc -ts today
----
time->Fri Sep 9 14:24:12 2011
type=SYSCALL msg=audit(1315578252.415:214): arch=c000003e syscall=2
success=no exit=-13 a0=7fffbee29a70 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=5578 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd"
subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315578252.415:214): avc: denied { read } for pid=5578
comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 14:34:12 2011
type=SYSCALL msg=audit(1315578852.159:215): arch=c000003e syscall=2
success=no exit=-13 a0=7fffb8d9bb40 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=5627 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd"
subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315578852.159:215): avc: denied { read } for pid=5627
comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 15:15:11 2011
type=SYSCALL msg=audit(1315581311.764:223): arch=c000003e syscall=2
success=no exit=-13 a0=7fff2c58be30 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=5727 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd"
subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315581311.764:223): avc: denied { read } for pid=5727
comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 15:33:21 2011
type=SYSCALL msg=audit(1315582401.640:238): arch=c000003e syscall=2
success=no exit=-13 a0=7fff74555140 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=6092 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd"
subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315582401.640:238): avc: denied { read } for pid=6092
comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 15:43:21 2011
type=SYSCALL msg=audit(1315583001.304:239): arch=c000003e syscall=2
success=no exit=-13 a0=7fffdf7f3ba0 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=6141 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd"
subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315583001.304:239): avc: denied { read } for pid=6141
comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 18:18:54 2011
type=SYSCALL msg=audit(1315592334.382:269): arch=c000003e syscall=2
success=yes exit=9 a0=7fffe3872cc0 a1=c2 a2=1a4 a3=0 items=0 ppid=1 pid=6292
auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494 sgid=494
fsgid=494 tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd"
subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315592334.382:269): avc: denied { read } for pid=6292
comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 18:20:26 2011
type=SYSCALL msg=audit(1315592426.491:284): arch=c000003e syscall=2
success=yes exit=9 a0=7fffb5102c20 a1=c2 a2=1a4 a3=0 items=0 ppid=1 pid=6709
auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494 sgid=494
fsgid=494 tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd"
subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315592426.491:284): avc: denied { read } for pid=6709
comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 18:22:47 2011
type=SYSCALL msg=audit(1315592567.255:301): arch=c000003e syscall=2
success=yes exit=9 a0=7fffe8125540 a1=c2 a2=1a4 a3=0 items=0 ppid=1 pid=7779
auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494 sgid=494
fsgid=494 tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd"
subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315592567.255:301): avc: denied { read } for pid=7779
comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 18:23:07 2011
type=SYSCALL msg=audit(1315592587.857:305): arch=c000003e syscall=2
success=yes exit=6 a0=7fffd14031b0 a1=c2 a2=1a4 a3=0 items=0 ppid=1 pid=7882
auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494 sgid=494
fsgid=494 tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd"
subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315592587.857:305): avc: denied { read } for pid=7882
comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 18:25:29 2011
type=SYSCALL msg=audit(1315592729.758:316): arch=c000003e syscall=2
success=yes exit=6 a0=7fffffd7c220 a1=c2 a2=1a4 a3=0 items=0 ppid=1 pid=8262
auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494 sgid=494
fsgid=494 tty=(none) ses=1 comm="ns-slapd" exe="/usr/sbin/ns-slapd"
subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315592729.758:316): avc: denied { read } for pid=8262
comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
On Fri, Sep 9, 2011 at 1:35 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> Jimmy wrote:
>
>> I temporarily disabled SElinux(echo 0 >/selinux/enforce) and the install
>> completed. Did I miss something in the documentation? I didn't see
>> anything aboud SElinux in the install doc.
>>
>
> It should work in enforcing mode.
>
> Can you provide the output of this:
>
> ausearch -m avc -ts recent
>
> This will show us the SELinux denials over the last 10 minutes (recent).
>
> rob
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110909/05aca2b9/attachment.htm>
More information about the Freeipa-users
mailing list