[389-users] Announcing 389 Directory Server 1.2.6 Release Candidate 3
Nathan Kinder
nkinder at redhat.com
Mon Jul 19 18:25:42 UTC 2010
On 07/19/2010 08:47 AM, Aaron Hagopian wrote:
> Ok this time I think I have hit a legit issue with SELinux and 1.2.6
> RC3. On my workstation to sync up my ldap server with production I
> take a ldif dump from production and load it into my system with the
> ldif2db.pl <http://ldif2db.pl> script. For versions 1.2.5 and
> previous that ldif file could be located anywhere that was readable to
> the "nobody" user. Since upgrading, I try to use the same command and
> get denied because of SELinux.
>
> My real question here is what is an acceptable directory? I thought
> for sure the /var/lib/dirsrv/slapd-<instance>/ldif/ directory would
> be acceptable but I get a "SELinux is preventing /usr/sbin/ns-slapd
> "read" access on ..." message no matter where I place the LDIF file.
How did you create the ldif file in
"/var/lib/dirsrv/slapd-<instance>/ldif/"? Did you move the ldif file
there from elsewhere on your system? That could explain why your ldif
file has an incorrect context of "var_t".
Try creating a new file in "/var/lib/dirsrv/slapd-<instance>/ldif/"
using 'touch', then run 'ls -lZ' to see what the SELinux context is on
that new file. It should be "dirsrv_var_lib_t".
-NGK
>
> Attached is the full SELinux error.
>
> Thanks,
>
> Aaron
>
>
> On Fri, Jul 16, 2010 at 8:49 AM, Aaron Hagopian <airhead1 at gmail.com
> <mailto:airhead1 at gmail.com>> wrote:
>
> As I was looking up the version number of admin I noticed that I
> had only updated 389-ds* and not 389* so the 389-admin* packages
> were mismatched. Once I upgraded everything to what was in
> updates-testing no more selinux messages, sorry about the confusion.
>
> Aaron
>
> 2010/7/15 Nathan Kinder <nkinder at redhat.com
> <mailto:nkinder at redhat.com>>
>
> On 07/15/2010 09:12 AM, Aaron Hagopian wrote:
>> I upgraded my fedora 13 x86_64 machine to the RC3 using the
>> rpms in updates-testing and now I cannot start the admin
>> server with selinux enabled. I am attaching the selinux
>> message. It does start when I disable selinux.
> What version of 389-admin are you running?
>
> I'd also like to see the output of 'semodule -l | grep 389'
> from your system.
>
> -NGK
>
>>
>>
>> On Tue, Jul 6, 2010 at 2:38 PM, Rich Megginson
>> <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> wrote:
>>
>> The 389 team is pleased to announce the availability of
>> Release
>> Candidate 3 of version 1.2.6. This release has a few bug
>> fixes.
>>
>> ***We need your help! Please help us test this
>> software.*** It is a
>> release candidate, so it may have a few glitches, but it
>> has been tested
>> for regressions and for new feature bugs. The Fedora system
>> strongly encourages packages to be in Testing until
>> verified and pushed
>> to Stable. If we don't get any feedback while the
>> packages are in
>> Testing, the packages will remain in limbo, or get pushed
>> to Stable.
>>
>> The more testing we get, the faster we can release these
>> packages to
>> Stable. See the Release Notes for information about how
>> to provide
>> testing feedback (or just send an email to
>> 389-users at lists.fedoraproject.org
>> <mailto:389-users at lists.fedoraproject.org>).
>>
>> The packages that need testing are:
>> * 389-ds-base-1.2.6.rc3 - 389-ds-base
>>
>> More information
>> * Release Notes - http://port389.org/wiki/Release_Notes
>> * Install_Guide - http://port389.org/wiki/Install_Guide
>> * Download - http://port389.org/wiki/Download
>>
>> === Bugs Fixed ===
>> This release contains a couple of bug fixes. The
>> complete list of bugs
>> fixed is found at the link below. Note that bugs marked
>> as MODIFIED
>> have been fixed but are still in testing.
>> * Tracking bug for 1.2.6 release -
>> https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_resolved=0
>> <https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_resolved=0>
>> ** Bug 606920 - anonymous resource limit - nstimelimit -
>> also applied
>> to "cn=directory manager"
>> ** Bug 604453 - SASL Stress and Server crash: Program
>> quits with the
>> assertion failure in PR_Poll
>> ** Bug 605827 - In-place upgrade: upgrade dn format
>> should not run in
>> setup-ds-admin.pl <http://setup-ds-admin.pl>
>> ** Bug 578296 - Attribute type entrydn needs to be added
>> when subtree
>> rename switch is on
>> ** Bug 609256 - Selinux: pwdhash fails if called via
>> Admin Server CGI
>> ** Bug 603942 - null deref in _ger_parse_control() for
>> subjectdn
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> <mailto:389-users at lists.fedoraproject.org>
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org <mailto:389-users at lists.fedoraproject.org>
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> <mailto:389-users at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20100719/d7e474c8/attachment.html>
More information about the 389-users
mailing list