From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0

Description of problem:
When I use the nscd with LDAP and SSL, the nscd will fail in active mode, and give an SELinux warning. Perhaps the policy for SSL certificates should add read capability for the SSL certificates?

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.58

How reproducible:
Always

Steps to Reproduce:
1. Install FC with SELinux active
2. Install an LDAP setup including an SSL certificate to verify the server
3. Activate the LDAP configuration

Actual Results:
It syslogs this error (in permissive mode):

Jan 10 17:46:35 zappa kernel: audit(1105400795.636:0): avc: denied { read } for pid=8552 exe=/usr/sbin/nscd name=cert.pem dev=hda2 ino=3352161 scontext=root:system_r:nscd_t tcontext=root:object_r:usr_t tclass=file

and logins are all denied and other serious badness.

Expected Results:
No syslog, just nscd successfully talking to the ldaps server.

Additional info:
We use a single host with a signed (custom CA) certificate smooshed into the cert.pem file after kickstart. That might be part of the problem, and something I'm definitely willing to look at.
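As an added example (not part of the original report or of the selinux-policy package): a small Python parser for the AVC denial quoted above, extracting the source type, target type, object class and permission the decision was made on. The extra log lines and all function names are constructed for illustration, and the rendered rule is only a compact restatement of the denial, not the change shipped in the fixed package.

```python
import re

# The denial exactly as quoted in the report.
REPORTED = (
    "Jan 10 17:46:35 zappa kernel: audit(1105400795.636:0): avc: denied { read } "
    "for pid=8552 exe=/usr/sbin/nscd name=cert.pem dev=hda2 ino=3352161 "
    "scontext=root:system_r:nscd_t tcontext=root:object_r:usr_t tclass=file")
# Constructed lines (not from the report): a second permission, and unrelated noise.
CONSTRUCTED = [
    REPORTED.replace("{ read }", "{ getattr }"),
    "Jan 10 17:46:36 zappa sshd[812]: Accepted password for alice",
]

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not a usable one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    rec = {"result": m.group(1), "perms": m.group(2).split(), **fields}
    # A context is user:role:type (an MLS level may follow); the type field
    # is what type enforcement decides on.
    for key, out in (("scontext", "stype"), ("tcontext", "ttype")):
        parts = rec[key].split(":")
        if len(parts) < 3:
            return None
        rec[out] = parts[2]
    return rec

def summarize(lines):
    """Group denials by (source type, target type, class), merging permissions."""
    grouped = {}
    for line in lines:
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            key = (rec["stype"], rec["ttype"], rec["tclass"])
            grouped.setdefault(key, set()).update(rec["perms"])
    return grouped

def as_rule(key, perms):
    """Render one group in type-enforcement rule syntax, for reading only."""
    text = " ".join(sorted(perms))
    return "allow %s %s:%s %s;" % (*key, "{ %s }" % text if len(perms) > 1 else text)

if __name__ == "__main__":
    for key, perms in summarize([REPORTED] + CONSTRUCTED).items():
        print(as_rule(key, perms))
```

For the reported line this yields nscd_t, usr_t, file and read: the nscd domain was denied read on cert.pem, a file labelled usr_t.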
*** Bug 144208 has been marked as a duplicate of this bug. ***
Fixed in selinux-policy-targeted-1.17.30-2.70

Dan
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-251.html