Using systemctl to start a 389-ds-base instance on F16 gives this message:
Sep 2 14:30:04 f16x8664 kernel: [ 3669.247238] type=1400 audit(1314995404.405:96): avc: denied { read } for pid=3939 comm="ns-slapd" name="online" dev=sysfs ino=34 scontext=system_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Using systemctl to start 389-admin on F16 gives these messages:
Sep 2 14:25:06 f16x8664 kernel: [ 3370.879324] type=1400 audit(1314995106.037:92): avc: denied { name_connect } for pid=3393 comm="httpd.worker" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
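For triage, the two denials in the report above can be reduced to source domain, target type, object class and permission. This is an added example, not part of the original report and not the audit2allow tool; the function names `parse_avc` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# The two kernel AVC lines quoted in the report above.
SAMPLE_LOG = """\
Sep 2 14:30:04 f16x8664 kernel: [ 3669.247238] type=1400 audit(1314995404.405:96): avc: denied { read } for pid=3939 comm="ns-slapd" name="online" dev=sysfs ino=34 scontext=system_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Sep 2 14:25:06 f16x8664 kernel: [ 3370.879324] type=1400 audit(1314995106.037:92): avc: denied { name_connect } for pid=3393 comm="httpd.worker" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # A context is user:role:type:level; the type is always the third part,
    # even when the level itself contains colons (MLS categories).
    src = fields["scontext"].split(":")
    tgt = fields["tcontext"].split(":")
    if len(src) < 3 or len(tgt) < 3:
        return None
    fields["perms"] = m.group("perms").split()
    fields["stype"], fields["ttype"] = src[2], tgt[2]
    return fields

def summarize(log_text):
    """Group denials by (source type, target type, class) and merge permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["stype"], rec["ttype"], rec["tclass"])
            grouped[key].update(rec["perms"])
    return {k: sorted(v) for k, v in grouped.items()}

if __name__ == "__main__":
    for (s, t, c), perms in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{s} -> {t}:{c} {{ {' '.join(perms)} }}")
```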
(In reply to comment #0)
> Using systemctl to start a 389-ds-base instance on F16 gives this message:
>
> Sep 2 14:30:04 f16x8664 kernel: [ 3669.247238] type=1400
> audit(1314995404.405:96): avc: denied { read } for pid=3939 comm="ns-slapd"
> name="online" dev=sysfs ino=34 scontext=system_u:system_r:dirsrv_t:s0
> tcontext=system_u:object_r:sysfs_t:s0 tclass=file
>
Fixing.
> Using systemctl to start 389-admin on F16 gives these messages:
>
> Sep 2 14:25:06 f16x8664 kernel: [ 3370.879324] type=1400
> audit(1314995106.037:92): avc: denied { name_connect } for pid=3393
> comm="httpd.worker" dest=389 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
How are the CGI scripts in the /usr/lib(64)?/dirsrv/cgi-bin directory labelled?
# ls -lZ /usr/lib64/dirsrv/cgi-bin
The directory is labeled system_u:object_r:httpd_dirsrvadmin_script_exec_t:s0; the files are labeled the same.
Was there more info you needed?
Is this issue still open?
(In reply to comment #4)
> Is this issue still open?
Yes. Do you need any more info?
(In reply to comment #5)
> (In reply to comment #4)
> > Is this issue still open?
>
> Yes. Do you need any more info?
So are you still getting both AVC msgs?
(In reply to comment #6)
> (In reply to comment #5)
> > (In reply to comment #4)
> > > Is this issue still open?
> >
> > Yes. Do you need any more info?
>
> So are you still getting both AVC msgs?
Nope. Was this fixed in policy? If so, what version?