SELinux errors with 389-ds-base-1.2.6-0.5.rc1
by Rob Crittenden
In IPA v2 I'm getting the following SELinux AVCs from ns-slapd:
type=AVC msg=audit(1276693069.494:16808): avc: denied { getattr } for
pid=16334 comm="ns-slapd" path="/var/tmp/ldap_496" dev=sda1 ino=180255
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=unconfined_u:object_r:initrc_tmp_t:s0 tclass=file
type=AVC msg=audit(1276693069.494:16809): avc: denied { unlink } for
pid=16334 comm="ns-slapd" name="ldap_496" dev=sda1 ino=180255
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=unconfined_u:object_r:initrc_tmp_t:s0 tclass=file
I'm seeing a related error in my Apache logs:
[Wed Jun 16 08:57:49 2010] [error] ACIError: Insufficient access:
SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor
code may provide more information (Cannot create replay cache file
/var/tmp/ldap_496: File exists) Invalid credentials
The context is we create an ldapi connection during Apache startup. We
use GSSAPI and a keytab to authenticate.
At this point I'm not sure if this is an issue with 389-ds or IPA.
I've got the latest selinux-policy installed: selinux-policy-3.6.32-116
rob
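Added example, not part of the original post and not 389-ds or IPA code: a small Python parser run over the two AVC records quoted in the message above (re-joined onto single lines). It groups denials by command, source type, target type and class, and shows that both denials hit the same inode. The function names `parse_avc`, `selinux_type` and `summarize` are this example's own.

```python
import re
from collections import defaultdict

# The two AVC records from the post, with the mail line-wrapping undone.
SAMPLE = """\
type=AVC msg=audit(1276693069.494:16808): avc: denied { getattr } for pid=16334 comm="ns-slapd" path="/var/tmp/ldap_496" dev=sda1 ino=180255 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:object_r:initrc_tmp_t:s0 tclass=file
type=AVC msg=audit(1276693069.494:16809): avc: denied { unlink } for pid=16334 comm="ns-slapd" name="ldap_496" dev=sda1 ino=180255 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:object_r:initrc_tmp_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    return rec

def selinux_type(context):
    """Extract the type from a user:role:type:level context string."""
    return context.split(':')[2]

def summarize(text):
    """Group denials by (comm, source type, target type, class)."""
    groups = defaultdict(lambda: {'perms': set(), 'inodes': set(), 'paths': set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec.get('comm'), selinux_type(rec['scontext']),
               selinux_type(rec['tcontext']), rec['tclass'])
        group = groups[key]
        group['perms'].update(rec['perms'])
        # dev+ino ties a record that only has name= to one that has a full path=
        group['inodes'].add((rec.get('dev'), rec.get('ino')))
        if 'path' in rec:
            group['paths'].add(rec['path'])
    return dict(groups)

if __name__ == '__main__':
    for (comm, src, tgt, cls), g in summarize(SAMPLE).items():
        print(f"{comm}: {src} -> {tgt}:{cls} denied {sorted(g['perms'])} "
              f"on {sorted(g['paths'])} inodes={sorted(g['inodes'])}")
```
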
AUTO: Michael Smedeus is out of the office (returning Sun 07/11/2010)
by Michael Smedeus
I am out of the office from Sun 06/13/2010 until Sun 07/11/2010.
Back 11/7
/Micke
Note: This is an automated response to your message "[389-devel] Please
Review: (604263) Memory leak when extop password change is rejected" sent
on 15/6/10 22:36:56.
This is the only notification you will receive while this person is away.