Bug 825137
| Summary: | radiusd unable to connect to ldap | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Patrik Kis <pkis> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 7.0 | CC: | ksrot, mgrepl, mmalik |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-06-13 10:20:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Patrik Kis
2012-05-25 08:31:56 UTC
On RHEL6 we have

```
$ sesearch -A -C -s radiusd_t -t ldap_port_t -c tcp_socket
Found 5 semantic av rules:
   allow radiusd_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
   allow radiusd_t port_type : tcp_socket { recv_msg send_msg } ;
DT allow radiusd_t reserved_port_type : tcp_socket name_connect ; [ allow_ypbind ]
DT allow radiusd_t rpc_port_type : tcp_socket name_bind ; [ allow_ypbind ]
DT allow radiusd_t port_type : tcp_socket { recv_msg send_msg } ; [ allow_ypbind ]
```

radius should be able to connect to ldap without ypbind boolean enabled.

We should add it into policy.

On RHEL6 we allowed all apps that used getpw to connect to ldap. On RHEL7 we will rely on sssd for this. If radius needs to connect to ldap for something other than password resolution then we should turn it on in radius policy.

Fixed in selinux-policy-3.10.0-128.el7

This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.
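
The check discussed in this report, as an added example that is not part of the original bug or the selinux-policy project: it parses `sesearch -A -C` output and reports whether a permission is granted unconditionally or only through a boolean. It assumes the two-letter prefix follows the setools 3 convention (first letter E/D for enabled/disabled); the function names and the second sample are constructed for illustration.

```python
import re

# sesearch -A -C output quoted in the bug description (RHEL6 policy).
RHEL6_OUTPUT = """\
Found 5 semantic av rules:
   allow radiusd_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ;
   allow radiusd_t port_type : tcp_socket { recv_msg send_msg } ;
DT allow radiusd_t reserved_port_type : tcp_socket name_connect ; [ allow_ypbind ]
DT allow radiusd_t rpc_port_type : tcp_socket name_bind ; [ allow_ypbind ]
DT allow radiusd_t port_type : tcp_socket { recv_msg send_msg } ; [ allow_ypbind ]
"""

# Constructed sample (assumption): the same query with the ldap_port_t rule absent.
WITHOUT_LDAP_RULE = "\n".join(
    l for l in RHEL6_OUTPUT.splitlines() if "ldap_port_t" not in l)

RULE = re.compile(
    r"^(?P<flags>[ED][TF])?\s*allow\s+\S+\s+\S+\s*:\s*(?P<cls>\S+)\s+"
    r"(?:\{(?P<perms>[^}]*)\}|(?P<perm>\S+))\s*;"
    r"\s*(?:\[\s*(?P<cond>[^\]]+?)\s*\])?\s*$")

def parse_rules(text):
    """Parse 'sesearch -A -C' lines into dicts; non-rule lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            rules.append({
                "cls": m["cls"],
                "perms": set((m["perms"] or m["perm"]).split()),
                # First flag letter: E = rule currently enabled, D = disabled.
                "enabled": m["flags"] is None or m["flags"][0] == "E",
                "boolean": m["cond"],  # None for unconditional rules
            })
    return rules

def permission_status(text, cls, perm):
    """Classify how (cls, perm) is granted by the rules in sesearch output."""
    hits = [r for r in parse_rules(text)
            if r["cls"] == cls and perm in r["perms"]]
    if any(r["boolean"] is None for r in hits):
        return ("unconditional", [])
    booleans = sorted({r["boolean"] for r in hits})
    if any(r["enabled"] for r in hits):
        return ("enabled-by-boolean", booleans)
    return ("needs-boolean", booleans) if hits else ("not-allowed", [])

if __name__ == "__main__":
    for name, out in (("RHEL6", RHEL6_OUTPUT), ("no ldap rule", WITHOUT_LDAP_RULE)):
        print(name, permission_status(out, "tcp_socket", "name_connect"))
```

Because `sesearch` has already filtered on `-s` and `-t`, every parsed rule applies to the queried source and target, so only the class and permission need to be matched.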