[Fedora-directory-devel] SELinux and directory server
Karl MacMillan
kmacmill at redhat.com
Wed May 9 19:50:44 UTC 2007
On Wed, 2007-05-09 at 12:39 -0600, Richard Megginson wrote:
> Karl MacMillan wrote:
> > On Wed, 2007-05-09 at 14:16 -0400, Rob Crittenden wrote:
> >
> >> Karl MacMillan wrote:
> >>
> >>> The page http://directory.fedoraproject.org/wiki/Install_Guide suggests
> >>> putting selinux into permissive mode. Why? I've not seen any problems
> >>> running the directory server under enforcing (either fedora-ds-base from
> >>> extras or the full install).
> >>>
> >> Without looking I suspect it is because the newer packages fit into the
> >> filesystem better so are probably covered by existing SELinux rules.
> >> When it was installed in /opt/fedora-ds alone there was no security
> >> context covering it.
> >>
> >>
> >
> > Installing into /opt of a recent rawhide showed no problems. Even if it
> > was a problem it would have been a _very_ easy fix either in the policy
> > package or the directory server packages.
> >
> Try RHEL4. I know Dan Walsh did a lot of work to write SELinux policies
> for DS in FC5 or 6, which are also in rawhide.

Do you have a test environment on RHEL 4 I can access - I don't have one
quickly available.

Thanks - Karl

> >
> >> It probably heavily depends on which release you're installing it onto
> >> as well.
> >>
> >>
> >
> > I think that we need to work to resolve any issues and remove that
> > suggestion. At the very least it needs to specify specific OS and
> > directory server releases.
> >
> Definitely.
> > That blanket statement is very harmful and unnecessary.
> >
> > I'll be happy to help you resolve any issues - just give me the specific
> > problems that you are seeing.
> >
> > Karl
> >
> > --
> > Fedora-directory-devel mailing list
> > Fedora-directory-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-devel
> >