On Mon, 2017-04-03 at 21:36 +0200, Rob Verduijn wrote:
> Hello,
>
> I recreated the reproducer environment and tried it with only the keytab
> relocation
> so I added the following steps:
> mkdir /var/kerberos/krb5/user/48/
> cp /var/lib/gssproxy/clients/httpd.keytab /var/kerberos/krb5/user/48/ We definitely reproduced the SeLinux issue.
> client.keytab
> chcon -t krb5_keytab_t /var/kerberos/krb5/user/48/client.keytab
> chown apache:apache /var/kerberos/krb5/user/48/client.keytab
> systemctl restart gssproxy.service
>
>
> and the nfs mount is readable by the apache user
> su - apache -s /bin/bash
> ls /test
> example.txt
>
> [root@fedoraclient ~]# getenforce
> Enforcing
>
> so I guess we are incorrectly blaming selinux for this,
> but it should be :
> https://pagure.io/gssproxy/issue/178
Both issues are at play here.
Simo.
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc
_______________________________________________
gss-proxy mailing list -- gss-proxy@lists.fedorahosted.org
To unsubscribe send an email to gss-proxy-leave@lists.fedorahosted.org