Re: Problems with kerberos and SElinux

On Fri, 2005-09-02 at 16:37 +0100, Keith Sharp wrote: > Looks like the file /var/tmp/krb5kdc_rcache doesn't have a security > context: > > [root@server ~]# ls -alZ /var/tmp/ > drwxrwxrwt root root system_u:object_r:tmp_t . > drwxr-xr-x root root system_u:object_r:var_t .. > -rw------- root root root:object_r:kadmind_tmp_t kadmin_0 > -rw------- root root krb5kdc_rcache > > How should I go about fixing this? This is a result of previously booting with SELinux disabled; while SELinux is disabled, any files created won't be assigned security contexts. Switching to permissive mode is better than disabling SELinux entirely, and can be done temporarily with /usr/sbin/setenforce 0 without needing to touch /etc/selinux/config or reboot. That continues to label files but allows all accesses and just logs the denials for review in the audit.log. Assuming that this file is just a temporary cache, I'd suggest removing it (or moving it aside), and then restart the process that created it in the first place with SELinux enabled (but permissive, if necessary).