| Summary: | selinux detection in /usr/sbin/start-ds-admin | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Denis Baklikov <denis.baklikov> |
| Component: | 389-admin | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 14 | CC: | nhosoi, nkinder, rmeggins, shaines |
| Target Milestone: | --- | Keywords: | screened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-03-28 21:52:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
(In reply to comment #0) > Description of problem: > > If confition for selinux detection never ckecks because of [ -z "yes" ] > condition. > > /usr/sbin/start-ds-admin > > if [ -z "yes" ] ; then # always FALSE > if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then > SELINUX_CMD="runcon -t unconfined_t --" > fi > fi > This is by design. This code makes the admin server run unconfined, which we only want to happen if the admin server was compiled without SELinux support. Current versions of 389-admin are confined by SELinux policy and are compiled with SELinux support. > Actual results: > [FAILED] httpd.worker: Could not open configuration file > /etc/dirsrv/admin-serv/httpd.conf: Permission denied > What version of 389-ds-base and 389-admin are you running? I'd also like to know what version of selinux-policy you have installed. There is a bug that was recently fixed in selinux-policy that you may be running into. It would also be useful to see if there are any AVC messages that get output in /var/log/audit/audit when you try to start the dirsrv-admin service. ping - can you help? Closing this since we have not heard back from the reporter. |
Description of problem: If confition for selinux detection never ckecks because of [ -z "yes" ] condition. /usr/sbin/start-ds-admin if [ -z "yes" ] ; then # always FALSE if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then SELINUX_CMD="runcon -t unconfined_t --" fi fi Version-Release number of selected component (if applicable): How reproducible: /etc/init.d/dirsrv-admin restart Actual results: [FAILED] httpd.worker: Could not open configuration file /etc/dirsrv/admin-serv/httpd.conf: Permission denied Expected results: [OK]