Bug 570562

Summary: Fedora 13 still has the dirsrv/slapd labeling conflict
Product: [Fedora] Fedora Reporter: Rich Megginson <rmeggins>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 13CC: dwalsh, mgrepl, nkinder
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.7.11-1.fc13 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-10 06:48:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rich Megginson 2010-03-04 17:59:33 UTC 
[root@f13x8664 ~]# semodule -v -s targeted -i /usr/share/selinux/targeted/dirsrv.pp 
Attempting to install module '/usr/share/selinux/targeted/dirsrv.pp':
Ok: return value of 0.
Committing changes:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /usr/sbin/ns-slapd  (system_u:object_r:slapd_exec_t:s0 and system_u:object_r:dirsrv_exec_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Invalid argument
libsemanage.semanage_install_active: setfiles returned error code 1.
semodule:  Failed!

This is with selinux-policy 3.7.10-4.fc13

Fedora 12 fixed this problem https://admin.fedoraproject.org/updates/F12/FEDORA-2010-2953
# Tue Feb 23 2010 Miroslav Grepl <mgrepl> 3.6.32-92
...
# Remove label for Directory Server 
559298 - SELinux is preventing /usr/sbin/smbd "connectto" access on /var/run/slapd-*.socket

We need the same fix in F-13
Comment 1 Rich Megginson 2010-03-04 18:00:28 UTC 
Increasing priority because this prevents installing 389 on Fedora 13.
Comment 2 Rich Megginson 2010-03-04 18:02:25 UTC 
*** Bug 570333 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Walsh 2010-03-04 18:21:39 UTC 
Fixed in selinux-policy-3.7.11-1.fc13.noarch
Comment 4 Fedora Update System 2010-03-04 18:46:52 UTC 
selinux-policy-3.7.11-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/selinux-policy-3.7.11-1.fc13
Comment 5 Fedora Update System 2010-03-05 03:34:44 UTC 
selinux-policy-3.7.11-1.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update selinux-policy'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.11-1.fc13
Comment 6 Fedora Update System 2010-03-10 06:48:12 UTC 
selinux-policy-3.7.11-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.