Bug 189621
Summary: | slapd with postgresql backend won't start
---|---
Product: | [Fedora] Fedora
Component: | selinux-policy
Version: | 5
Hardware: | All
OS: | Linux
Status: | CLOSED CURRENTRELEASE
Severity: | medium
Priority: | medium
Reporter: | Heiko Jakob <buffalo>
Assignee: | Daniel Walsh <dwalsh>
QA Contact: | Ben Levenson <benl>
CC: | dwalsh, fenlason, nalin, pgraner
Fixed In Version: | selinux-policy-2.3.6-3.fc5
Doc Type: | Bug Fix
Last Closed: | 2006-10-20 20:08:46 UTC

Description
Heiko Jakob
2006-04-21 18:23:01 UTC
Almost forgot: You have to add -u to slaptestflag in /etc/init.d/ldap to get around the test which will fail due to almost the same problem.

Apr 21 20:41:37 rlxrz01 kernel: audit(1145644897.622:49): avc: denied { unix_read unix_write } for pid=3425 comm="slaptest" key=2030075928 scontext=root:system_r:slapd_t:s0 tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=sem
Apr 21 20:41:37 rlxrz01 kernel: audit(1145644897.650:50): avc: denied { write } for pid=3425 comm="slaptest" name=".s.PGSQL.5432" dev=dm-0 ino=672233 scontext=root:system_r:slapd_t:s0 tcontext=root:object_r:postgresql_tmp_t:s0 tclass=sock_file
Apr 21 20:41:37 rlxrz01 kernel: audit(1145644897.690:51): avc: denied { unix_read unix_write } for pid=3429 comm="slaptest" key=2030075928 scontext=root:system_r:slapd_t:s0 tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=sem

Dan, maybe the ldap init script runs a program that happens to transition to unconfined_t to create a semaphore for ldap's use?

But then it would be running in initrc_t not unconfined_t????
Dan

Heiko, is there a process running as a user account that is trying to communicate with ldap?

Heiko could you send us your configuration setup.

Created attachment 129780
config files for odbc and slapd

Fixed in selinux-policy-2.3.6-3.fc5

Sorry forgot to mention: Works after upgrading selinux policies
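
An added example, not part of the bug report: a short Python parser that reads the three AVC denials quoted above and merges them into one entry per source type, target type and object class. It shows at a glance that slapd_t was refused access to a semaphore labelled unconfined_t and to the PostgreSQL socket file. The function names are hypothetical; the log lines are copied from the report.

```python
import re
from collections import defaultdict

# The three denials quoted in the report above, one record per line.
SAMPLE_LOG = """\
Apr 21 20:41:37 rlxrz01 kernel: audit(1145644897.622:49): avc: denied { unix_read unix_write } for pid=3425 comm="slaptest" key=2030075928 scontext=root:system_r:slapd_t:s0 tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=sem
Apr 21 20:41:37 rlxrz01 kernel: audit(1145644897.650:50): avc: denied { write } for pid=3425 comm="slaptest" name=".s.PGSQL.5432" dev=dm-0 ino=672233 scontext=root:system_r:slapd_t:s0 tcontext=root:object_r:postgresql_tmp_t:s0 tclass=sock_file
Apr 21 20:41:37 rlxrz01 kernel: audit(1145644897.690:51): avc: denied { unix_read unix_write } for pid=3429 comm="slaptest" key=2030075928 scontext=root:system_r:slapd_t:s0 tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=sem
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return one denial as a dict, or None if the line is not a usable AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    try:
        # A context is user:role:type:level; the level may itself contain ':'.
        source = fields["scontext"].split(":")[2]
        target = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None
    return {"source": source, "target": target, "tclass": tclass,
            "perms": m.group("perms").split()}


def summarize_denials(log_text):
    """Merge repeated denials into {(source, target, class): sorted permissions}."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        denial = parse_avc(line)
        if denial:
            key = (denial["source"], denial["target"], denial["tclass"])
            merged[key].update(denial["perms"])
    return {key: sorted(perms) for key, perms in merged.items()}


def as_rules(summary):
    """Render each denied access in SELinux allow-rule notation for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]


if __name__ == "__main__":
    for rule in as_rules(summarize_denials(SAMPLE_LOG)):
        print(rule)
```

The rendered lines describe what the loaded policy refused; they are a reading aid for the denials, and the report itself was resolved by the selinux-policy update.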