Bug 172467 - SELinux is denying export to ldif directory.
SELinux is denying export to ldif directory.
Product: 389
Classification: Community
Component: Database - Import/Export (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Noriko Hosoi
Viktor Ashirov
Depends On:
Blocks: 152373 240316 FDS1.1.0
  Show dependency treegraph
Reported: 2005-11-04 16:34 EST by Daniel Walsh
Modified: 2015-12-07 12:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-12-07 12:10:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
background info (7.48 KB, text/html)
2005-11-04 17:34 EST, Noriko Hosoi
no flags Details

  None (edit)
Description Daniel Walsh 2005-11-04 16:34:43 EST
Description of problem:
Please change scripts.  And anything else to prevent this.
Comment 1 Noriko Hosoi 2005-11-04 17:10:34 EST
Could you give us more information? Such as...
OS configuration (version, SELinux setup, etc.)
DS configuration (e.g., owner(s) of the server(s)?)
How to reproduce the problem (did you use Console, ldif2db, ldif2db.pl or
something else?)
Error message you got (slapd-<id>/logs/errors)

If you could let us use your test machine, it'd help us a lot to debug the problem.
Comment 2 Daniel Walsh 2005-11-04 17:24:33 EST
This was suggested by richm, that I add this bugzilla.  So you can talk to him
for more info.  Basically with SELinux policy we are setting up the directories
that the LDAP program can write to.  We are not going to allow it to write to
the ldif directory.  Rich Suggested that this was the default and should be
changed, and asked that I submit a bug report.  
Comment 3 Noriko Hosoi 2005-11-04 17:34:38 EST
Created attachment 120743 [details]
background info

Sorry, I missed the disscussion on IRC.  I attached it to this bug.
Comment 5 Yi Zhang 2007-11-27 18:39:37 EST
Verified: PASS
test machine: neo.dsdev.sjc.redhat.com

Actual test: 
[root@neo ~]# /usr/lib/dirsrv/slapd-neo/db2ldif -n userRoot
Exported ldif file:
ldiffile: /var/lib/dirsrv/slapd-neo/ldif/neo-userRoot-2007_11_27_153741.ldif
[27/Nov/2007:15:37:43 -0800] - export userRoot: Processed 9 entries (100%).
[27/Nov/2007:15:37:43 -0800] - All database threads now stopped
[root@neo ~]# vi /var/lib/dirsrv/slapd-neo/ldif/neo-userRoot-2007_11_27_153741.ldif
[root@neo ~]# 


[root@neo ~]# cat < /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.

Note You need to log in before you can comment on or make changes to this bug.