Resum: SELinux is preventing /usr/sbin/ns-slapd "write" access on /etc/dirsrv/slapd-jgbp/dse.ldif. Descripció detallada: SELinux denied access requested by ns-slapd. It is not expected that this access is required by ns-slapd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Permet l'accés: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Informació addicional: Context de la font system_u:system_r:slapd_t:s0 Context de l'objectiu system_u:object_r:etc_t:s0 Objectes objectius /etc/dirsrv/slapd-jgbp/dse.ldif [ file ] Font ns-slapd Camí de la font /usr/sbin/ns-slapd Port <Desconegut> Ordinador (removed) Paquests RPM font 389-ds-base-1.2.5-1.fc12 Paquets RPM destí RPM de política selinux-policy-3.6.32-89.fc12 S'ha habilitat el Selinux True Tipus de la política targeted Mode forçat Enforcing Nom del connector catchall Nom de la màquina (removed) Plataforma Linux (removed) 2.6.31.12-174.2.22.fc12.x86_64 #1 SMP Fri Feb 19 18:55:03 UTC 2010 x86_64 x86_64 Contador d'alertes 1 Vist per primera vegada dt 02 mar 2010 21:46:21 CET Vist per darrera vegada dt 02 mar 2010 21:46:21 CET Identificador local e84e4e04-bba4-4e8b-a8c6-d750b3b73625 Número de línies Missatges d'auditoria sense p node=(removed) type=AVC msg=audit(1267562781.94:35): avc: denied { write } for pid=4151 comm="ns-slapd" name="dse.ldif" dev=dm-0 ino=2932897 scontext=system_u:system_r:slapd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1267562781.94:35): arch=c000003e syscall=21 success=no exit=-13 a0=10c34a0 a1=2 a2=0 a3=41 items=0 ppid=4150 pid=4151 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ns-slapd" exe="/usr/sbin/ns-slapd" subj=system_u:system_r:slapd_t:s0 key=(null) Hash String generated from catchall,ns-slapd,slapd_t,etc_t,file,write audit2allow suggests: #============= slapd_t ============== allow slapd_t etc_t:file write;
This was caused by a change made to the selinux-policy package for bug 559298. Please update to selinux-policy-3.6.32-92 and the problem should be fixed.
389-ds-base 1.2.6.a2 (currently in testing) has a -selinux subpackage which contains the policy for the directory server.