[Fedora-directory-devel] SELinux and directory server
Richard Megginson
rmeggins at redhat.com
Wed May 9 18:39:11 UTC 2007
Karl MacMillan wrote:
> On Wed, 2007-05-09 at 14:16 -0400, Rob Crittenden wrote:
>
>> Karl MacMillan wrote:
>>
>>> The page http://directory.fedoraproject.org/wiki/Install_Guide suggests
>>> putting selinux into permissive mode. Why? I've not seen any problems
>>> running the directory server under enforcing (either fedora-ds-base from
>>> extras or the full install).
>>>
>> Without looking I suspect it is because the newer packages fit into the
>> filesystem better so are probably covered by existing SELinux rules.
>> When it was installed in /opt/fedora-ds alone there was no security
>> context covering it.
>>
>>
>
> Installing into /opt of a recent rawhide showed no problems. Even if it
> was a problem it would have been a _very_ easy fix either in the policy
> package or the directory server packages.
>
Try RHEL4. I know Dan Walsh did a lot of work to write SELinux policies
for DS in FC5 or 6, which are also in rawhide.
>
>> It probably heavily depends on which release you're installing it onto
>> as well.
>>
>>
>
> I think that we need to work to resolve any issues and remove that
> suggestion. At the very least it needs to specify specific OS and
> directory server releases.
>
Definitely.
> That blanket statement is very harmful and unnecessary.
>
> I'll be happy to help you resolve any issues - just give me the specific
> problems that you are seeing.
>
> Karl
>
> --
> Fedora-directory-devel mailing list
> Fedora-directory-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-devel
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20070509/11e587f5/attachment.bin>
More information about the Fedora-directory-devel
mailing list