Bug 828156 - sssd daemon cannot read /var/run/openldap/cacert.pem
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Severity: unspecified
Assigned To: Miroslav Grepl
BaseOS QE Security Team
Reported: 2012-06-04 07:23 EDT by David Spurek
Modified: 2015-03-02 00:26 EST
Doc Type: Bug Fix
Last Closed: 2012-06-07 14:24:22 EDT
Type: Bug
Description David Spurek 2012-06-04 07:23:45 EDT
Description of problem:

type=SYSCALL msg=audit(1338803954.430:29070): arch=c000003e syscall=4 success=no exit=-13 a0=25647a0 a1=7fff4c3634a0 a2=7fff4c3634a0 a3=25647d0 items=0 ppid=21940 pid=21944 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="sssd_be" exe="/usr/libexec/sssd/sssd_be" subj=unconfined_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(1338803954.430:29070): avc:  denied  { getattr } for  pid=21944 comm="sssd_be" path="/var/run/openldap/cacert.pem" dev=dm-0 ino=14115 scontext=unconfined_u:system_r:sssd_t:s0 tcontext=unconfined_u:object_r:slapd_var_run_t:s0 tclass=file
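
Added example (not part of the original report): a Python sketch that joins the SYSCALL and AVC records above on their shared audit event ID and extracts the denied permission plus the source and target SELinux types. The function names are hypothetical; the two sample lines are copied from the report.

```python
import errno
import re
from collections import defaultdict

# The two audit records quoted in the report, verbatim.
SAMPLE = '''type=SYSCALL msg=audit(1338803954.430:29070): arch=c000003e syscall=4 success=no exit=-13 a0=25647a0 a1=7fff4c3634a0 a2=7fff4c3634a0 a3=25647d0 items=0 ppid=21940 pid=21944 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="sssd_be" exe="/usr/libexec/sssd/sssd_be" subj=unconfined_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(1338803954.430:29070): avc:  denied  { getattr } for  pid=21944 comm="sssd_be" path="/var/run/openldap/cacert.pem" dev=dm-0 ino=14115 scontext=unconfined_u:system_r:sssd_t:s0 tcontext=unconfined_u:object_r:slapd_var_run_t:s0 tclass=file'''

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")   # timestamp:serial
KEYVAL = re.compile(r'(\w+)=("[^"]*"|\S+)')           # key=value or key="quoted value"
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")    # permission list inside { }

def parse_events(text):
    """Group audit records by event ID so the AVC and SYSCALL records join up."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue  # not an audit record
        fields = {k: v.strip('"') for k, v in KEYVAL.findall(line)}
        rtype = fields.pop("type")
        if rtype == "AVC":
            p = PERMS.search(line)
            fields["perms"] = p.group(1).split() if p else []
        events[m.group(1)][rtype] = fields
    return events

def summarize(event):
    """Reduce one joined event to the facts needed to triage the denial."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    exit_code = int(sc.get("exit", 0))
    return {
        "exe": sc.get("exe"),
        "errno": errno.errorcode.get(-exit_code) if exit_code < 0 else None,
        "perms": avc["perms"],
        # SELinux context layout is user:role:type:level; the type is field 3.
        "source_type": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"],
        "path": avc.get("path"),
    }

if __name__ == "__main__":
    for event_id, event in parse_events(SAMPLE).items():
        if "AVC" in event:
            print(event_id, summarize(event))
```
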
Comment 2 Daniel Walsh 2012-06-04 11:10:40 EDT
Why did you put your cert file in /var/run/openldap?
Comment 3 David Spurek 2012-06-06 06:08:01 EDT
I got a test skeleton where the cert files are copied to /var/run/openldap. But if that is not a good idea, I will change the directory to /etc/openldap/cacerts/.
Comment 4 Daniel Walsh 2012-06-07 14:24:22 EDT
Yes, that would be a valid test.