Red Hat Bugzilla – Bug 172467
SELinux is denying export to ldif directory.
Last modified: 2015-12-07 12:10:50 EST
Description of problem:
Please change scripts. And anything else to prevent this.
Could you give us more information? Such as...
OS configuration (version, SELinux setup, etc.)
DS configuration (e.g., owner(s) of the server(s)?)
How to reproduce the problem (did you use Console, ldif2db, ldif2db.pl or
Error message you got (slapd-<id>/logs/errors)
If you could let us use your test machine, it'd help us a lot to debug the problem.
This was suggested by richm, that I add this bugzilla. So you can talk to him
for more info. Basically with SELinux policy we are setting up the directories
that the LDAP program can write to. We are not going to allow it to write to
the ldif directory. Rich Suggested that this was the default and should be
changed, and asked that I submit a bug report.
Created attachment 120743 [details]
Sorry, I missed the disscussion on IRC. I attached it to this bug.
test machine: neo.dsdev.sjc.redhat.com
[root@neo ~]# /usr/lib/dirsrv/slapd-neo/db2ldif -n userRoot
Exported ldif file:
[27/Nov/2007:15:37:43 -0800] - export userRoot: Processed 9 entries (100%).
[27/Nov/2007:15:37:43 -0800] - All database threads now stopped
[root@neo ~]# vi /var/lib/dirsrv/slapd-neo/ldif/neo-userRoot-2007_11_27_153741.ldif
[root@neo ~]# cat < /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.