[Freeipa-users] installation fails

Jimmy g17jimmy at gmail.com
Fri Sep 9 18:19:18 UTC 2011


To answer Rob's question: selinux-policy-3.9.16-23.fc15.noarch

And to correct myself from earlier, `echo 0 >/selinux/enforce` does set
SELinux to permissive; it does not disable it. So the AVCs I sent are correct.

On Fri, Sep 9, 2011 at 2:10 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Jimmy wrote:
>
>> It's been about 20 mins since I ran the install and did so with SELinux
>> disabled. I ran the command you suggested, but with 'today' as the
>> argument instead of 'recent'. This is the output:
>>
>> ausearch -m avc -ts today
>> ----
>> time->Fri Sep 9 14:24:12 2011
>> type=SYSCALL msg=audit(1315578252.415:214): arch=c000003e syscall=2
>> success=no exit=-13 a0=7fffbee29a70 a1=c2 a2=1a4 a3=0 items=0 ppid=1
>> pid=5578 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
>> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
>> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
>> type=AVC msg=audit(1315578252.415:214): avc: denied { read } for
>> pid=5578 comm="ns-slapd" name="lock" dev=sda2 ino=1710
>> scontext=unconfined_u:system_r:dirsrv_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>> ----
>> time->Fri Sep 9 14:34:12 2011
>> type=SYSCALL msg=audit(1315578852.159:215): arch=c000003e syscall=2
>> success=no exit=-13 a0=7fffb8d9bb40 a1=c2 a2=1a4 a3=0 items=0 ppid=1
>> pid=5627 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
>> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
>> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
>> type=AVC msg=audit(1315578852.159:215): avc: denied { read } for
>> pid=5627 comm="ns-slapd" name="lock" dev=sda2 ino=1710
>> scontext=unconfined_u:system_r:dirsrv_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>> ----
>> time->Fri Sep 9 15:15:11 2011
>> type=SYSCALL msg=audit(1315581311.764:223): arch=c000003e syscall=2
>> success=no exit=-13 a0=7fff2c58be30 a1=c2 a2=1a4 a3=0 items=0 ppid=1
>> pid=5727 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
>> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
>> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
>> type=AVC msg=audit(1315581311.764:223): avc: denied { read } for
>> pid=5727 comm="ns-slapd" name="lock" dev=sda2 ino=1710
>> scontext=unconfined_u:system_r:dirsrv_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>> ----
>> time->Fri Sep 9 15:33:21 2011
>> type=SYSCALL msg=audit(1315582401.640:238): arch=c000003e syscall=2
>> success=no exit=-13 a0=7fff74555140 a1=c2 a2=1a4 a3=0 items=0 ppid=1
>> pid=6092 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
>> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
>> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
>> type=AVC msg=audit(1315582401.640:238): avc: denied { read } for
>> pid=6092 comm="ns-slapd" name="lock" dev=sda2 ino=1710
>> scontext=unconfined_u:system_r:dirsrv_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>> ----
>> time->Fri Sep 9 15:43:21 2011
>> type=SYSCALL msg=audit(1315583001.304:239): arch=c000003e syscall=2
>> success=no exit=-13 a0=7fffdf7f3ba0 a1=c2 a2=1a4 a3=0 items=0 ppid=1
>> pid=6141 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
>> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
>> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
>> type=AVC msg=audit(1315583001.304:239): avc: denied { read } for
>> pid=6141 comm="ns-slapd" name="lock" dev=sda2 ino=1710
>> scontext=unconfined_u:system_r:dirsrv_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>> ----
>> time->Fri Sep 9 18:18:54 2011
>> type=SYSCALL msg=audit(1315592334.382:269): arch=c000003e syscall=2
>> success=yes exit=9 a0=7fffe3872cc0 a1=c2 a2=1a4 a3=0 items=0 ppid=1
>> pid=6292 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
>> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
>> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
>> type=AVC msg=audit(1315592334.382:269): avc: denied { read } for
>> pid=6292 comm="ns-slapd" name="lock" dev=sda2 ino=1710
>> scontext=unconfined_u:system_r:dirsrv_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>> ----
>> time->Fri Sep 9 18:20:26 2011
>> type=SYSCALL msg=audit(1315592426.491:284): arch=c000003e syscall=2
>> success=yes exit=9 a0=7fffb5102c20 a1=c2 a2=1a4 a3=0 items=0 ppid=1
>> pid=6709 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
>> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
>> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
>> type=AVC msg=audit(1315592426.491:284): avc: denied { read } for
>> pid=6709 comm="ns-slapd" name="lock" dev=sda2 ino=1710
>> scontext=unconfined_u:system_r:dirsrv_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>> ----
>> time->Fri Sep 9 18:22:47 2011
>> type=SYSCALL msg=audit(1315592567.255:301): arch=c000003e syscall=2
>> success=yes exit=9 a0=7fffe8125540 a1=c2 a2=1a4 a3=0 items=0 ppid=1
>> pid=7779 auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494
>> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
>> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
>> type=AVC msg=audit(1315592567.255:301): avc: denied { read } for
>> pid=7779 comm="ns-slapd" name="lock" dev=sda2 ino=1710
>> scontext=unconfined_u:system_r:dirsrv_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>> ----
>> time->Fri Sep 9 18:23:07 2011
>> type=SYSCALL msg=audit(1315592587.857:305): arch=c000003e syscall=2
>> success=yes exit=6 a0=7fffd14031b0 a1=c2 a2=1a4 a3=0 items=0 ppid=1
>> pid=7882 auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494
>> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
>> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
>> type=AVC msg=audit(1315592587.857:305): avc: denied { read } for
>> pid=7882 comm="ns-slapd" name="lock" dev=sda2 ino=1710
>> scontext=unconfined_u:system_r:dirsrv_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>> ----
>> time->Fri Sep 9 18:25:29 2011
>> type=SYSCALL msg=audit(1315592729.758:316): arch=c000003e syscall=2
>> success=yes exit=6 a0=7fffffd7c220 a1=c2 a2=1a4 a3=0 items=0 ppid=1
>> pid=8262 auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494
>> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
>> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
>> type=AVC msg=audit(1315592729.758:316): avc: denied { read } for
>> pid=8262 comm="ns-slapd" name="lock" dev=sda2 ino=1710
>> scontext=unconfined_u:system_r:dirsrv_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>>
>>
>> On Fri, Sep 9, 2011 at 1:35 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>>
>>    Jimmy wrote:
>>
>>        I temporarily disabled SELinux (echo 0 >/selinux/enforce) and the
>>        install completed. Did I miss something in the documentation? I
>>        didn't see anything about SELinux in the install doc.
>>
>>
>>    It should work in enforcing mode.
>>
>>    Can you provide the output of this:
>>
>>    ausearch -m avc -ts recent
>>
>>    This will show us the SELinux denials over the last 10 minutes
>>    (recent).
>>
>>    rob
>>
>>
>>
> What version of selinux-policy do you have installed? (rpm -q
> selinux-policy)
>
> thanks
>
> rob
>
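
Added example, not part of the original thread: a small Python parser for `ausearch -m avc` output like that quoted above. It groups denials by source type, target type, class and permission, and uses each event's SYSCALL result to separate accesses that were blocked (success=no, exit=-13) from ones that were only logged, which is what permissive mode produces. The function names and the abridged sample are constructed for illustration; treating success=yes as "logged only" is an inference from the syscall result.

```python
import re
from collections import Counter

# Constructed sample: two events abridged from the ausearch output quoted in
# the thread (SYSCALL fields trimmed): one success=no, one success=yes.
SAMPLE = """\
----
time->Fri Sep 9 14:24:12 2011
type=SYSCALL msg=audit(1315578252.415:214): arch=c000003e syscall=2 success=no exit=-13 pid=5578 comm="ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0
type=AVC msg=audit(1315578252.415:214): avc: denied { read } for pid=5578 comm="ns-slapd" name="lock" dev=sda2 ino=1710 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 18:18:54 2011
type=SYSCALL msg=audit(1315592334.382:269): arch=c000003e syscall=2 success=yes exit=9 pid=6292 comm="ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0
type=AVC msg=audit(1315592334.382:269): avc: denied { read } for pid=6292 comm="ns-slapd" name="lock" dev=sda2 ino=1710 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
"""

def parse_denials(text):
    """Return one dict per AVC denial, tagged with its syscall's outcome."""
    # Strip mail quote markers so output pasted from a reply parses as well.
    body = "\n".join(re.sub(r"^[>\s]+", "", ln) for ln in text.splitlines())
    denials = []
    for event in re.split(r"^-{4,}$", body, flags=re.M):
        flat = " ".join(event.split())  # undo line wrapping added by mail
        success, avcs = None, []
        for rec in re.split(r"(?=type=\w+ msg=audit\()", flat):
            f = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', rec))
            if f.get("type") == "SYSCALL":
                success = f.get("success")
            elif f.get("type") == "AVC" and "denied" in rec:
                f["perms"] = re.search(r"\{([^}]*)\}", rec).group(1).split()
                avcs.append(f)
        for f in avcs:
            # Inference: success=no means the denial was enforced; success=yes
            # beside a denial means it was only logged (permissive behaviour).
            f["effect"] = {"no": "blocked", "yes": "logged-only"}.get(success, "unknown")
            denials.append(f)
    return denials

def summarize(denials):
    """Count denials per (source type, target type, class, perms, effect)."""
    counts = Counter()
    for d in denials:
        src = d["scontext"].split(":")[2]
        tgt = d["tcontext"].split(":")[2]
        counts[(src, tgt, d["tclass"], " ".join(d["perms"]), d["effect"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(parse_denials(SAMPLE)).items():
        print(n, *key)
```
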