On Fri, 2005-09-02 at 12:07 -0400, Stephen Smalley wrote:
On Fri, 2005-09-02 at 16:37 +0100, Keith Sharp wrote:
> Looks like the file /var/tmp/krb5kdc_rcache doesn't have a security
> [root@server ~]# ls -alZ /var/tmp/
> drwxrwxrwt root root system_u:object_r:tmp_t .
> drwxr-xr-x root root system_u:object_r:var_t ..
> -rw------- root root root:object_r:kadmind_tmp_t kadmin_0
> -rw------- root root krb5kdc_rcache
> How should I go about fixing this?

This is a result of previously booting with SELinux disabled; while
SELinux is disabled, any files created won't be assigned security
contexts. Switching to permissive mode is better than disabling SELinux
entirely, and can be done temporarily with /usr/sbin/setenforce 0
without needing to touch /etc/selinux/config or reboot. That continues
to label files but allows all accesses and just logs the denials for
review in the audit.log.

Assuming that this file is just a temporary cache, I'd suggest removing
it (or moving it aside), and then restart the process that created it in
the first place with SELinux enabled (but permissive, if necessary).

Removing the file and re-running "service krb5kdc start" seems to have
solved the problem.