Description of problem:
cvs running in gserver mode needs to be able to read its credentials out of /etc/krb5.conf. It can't.

Version-Release number of selected component (if applicable):
1.25.3-9

How reproducible:
Very

Steps to Reproduce:
1. Set up cvs gserver (or any other process that will run as system_u:system_r:cvs_t)
2. Try to connect to it. This causes it to try to read /etc/krb5.keytab (system_u:object_r:krb5_keytab_t)
3. Watch it fail

Actual results:
Failure with an audit message

Expected results:
Success

Additional info:
Probably needs access to other kerberos-y things (like ability to make a network connection to the kdc) as well
Winds up needing { read lock } to krb5_keytab_t:file, but then still doesn't work.

Failing when it tries to find .k5login file in the home directory (probably some generic kerberos server thing needed).

Failing when trying to do anything interesting in the CVS root - is there a special context set that should be applied to the CVSROOT and/or ,v files?
cvs_data_t
selinux-policy-targeted-1.25.3.12 fixed problem
Thanks for the bug report. This particular bug was fixed and an update package was published for download. Please feel free to report any further bugs you find.