Red Hat Bugzilla – Bug 679051
selinux detection in /usr/sbin/start-ds-admin
Last modified: 2011-04-25 19:27:40 EDT
Description of problem:
If confition for selinux detection never ckecks because of [ -z "yes" ] condition.
if [ -z "yes" ] ; then # always FALSE
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
SELINUX_CMD="runcon -t unconfined_t --"
Version-Release number of selected component (if applicable):
[FAILED] httpd.worker: Could not open configuration file /etc/dirsrv/admin-serv/httpd.conf: Permission denied
(In reply to comment #0)
> Description of problem:
> If confition for selinux detection never ckecks because of [ -z "yes" ]
> if [ -z "yes" ] ; then # always FALSE
> if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
> SELINUX_CMD="runcon -t unconfined_t --"
This is by design. This code makes the admin server run unconfined, which we only want to happen if the admin server was compiled without SELinux support. Current versions of 389-admin are confined by SELinux policy and are compiled with SELinux support.
> Actual results:
> [FAILED] httpd.worker: Could not open configuration file
> /etc/dirsrv/admin-serv/httpd.conf: Permission denied
What version of 389-ds-base and 389-admin are you running? I'd also like to know what version of selinux-policy you have installed. There is a bug that was recently fixed in selinux-policy that you may be running into.
It would also be useful to see if there are any AVC messages that get output in /var/log/audit/audit when you try to start the dirsrv-admin service.
ping - can you help?
Closing this since we have not heard back from the reporter.