Red Hat Bugzilla – Bug 506718
saslauthd tries to write to krb5.conf (which is denied by selinux)
Last modified: 2009-09-22 08:55:01 EDT
Description of problem:
When trying to test kerberos configuration for cyrus-imap, I have found that
saslauthd tries to open /etc/krb5.conf for writing, which is undesirable.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Please see bug #506717.
Jun 18 09:04:08 i386-5s-m1 setroubleshoot: SELinux is preventing saslauthd (saslauthd_t) "write" to ./krb5.conf (etc_t). For complete SELinux messages. run sealert -l 7ab49091-add8-438c-bd2f-d8d54bdc7f56
The problem is your krb5.conf file is mislabeled. restorecon /etc/krb5.conf will fix it.
The kerberos libraries run access checks on all of their config files which causes this bogus access. So in policy we dontaudit all attempts to write to /etc/krb5.conf, although we expect it to be labeled krb5_conf_t.
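The triage described in the comment above can be run over setroubleshoot lines, as an added example that is not part of the original bug report or of any Red Hat tooling. It flags denials where the target carries a different type than the one the policy expects. The `EXPECTED` map, the function name and the second and third sample lines are assumptions made for illustration.

```python
import os
import re

# Expected label per file name: (canonical path, expected SELinux type).
# The krb5.conf entry comes from the comment above; the map itself is a
# hypothetical structure that can be extended for other files.
EXPECTED = {"krb5.conf": ("/etc/krb5.conf", "krb5_conf_t")}

# Matches the setroubleshoot summary format seen in this report.
DENIAL_RE = re.compile(
    r'SELinux is preventing (?P<comm>\S+) \((?P<domain>\w+)\) '
    r'"(?P<perm>\w+)" to (?P<path>\S+) \((?P<ttype>\w+)\)'
)

def triage(line):
    """Return a dict describing the denial, or None if the line is not one."""
    m = DENIAL_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    # setroubleshoot may log a relative path (./krb5.conf), so match by name.
    canonical, expected = EXPECTED.get(os.path.basename(d["path"]), (None, None))
    d["expected_type"] = expected
    d["mislabeled"] = expected is not None and d["ttype"] != expected
    # A wrong label means the dontaudit rule for the expected type never applies.
    d["advice"] = "restorecon " + canonical if d["mislabeled"] else None
    return d

SAMPLE_LINES = [
    # Line taken from this report.
    'Jun 18 09:04:08 i386-5s-m1 setroubleshoot: SELinux is preventing '
    'saslauthd (saslauthd_t) "write" to ./krb5.conf (etc_t). For complete '
    'SELinux messages. run sealert -l 7ab49091-add8-438c-bd2f-d8d54bdc7f56',
    # Constructed: a log line that is not a denial.
    'Jun 18 09:05:00 host1 example[2001]: constructed non-denial line',
    # Constructed: a denial on a file with no entry in EXPECTED.
    'Jun 18 09:06:00 host1 setroubleshoot: SELinux is preventing exampled '
    '(exampled_t) "read" to ./example.dat (var_t).',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        r = triage(line)
        if r and r["mislabeled"]:
            print(f'{r["comm"]} ({r["domain"]}) {r["perm"]} denied on '
                  f'{r["path"]}: {r["ttype"]} should be {r["expected_type"]}; '
                  f'run: {r["advice"]}')
```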