[Fedora-directory-devel] SELinux and directory server

Karl MacMillan kmacmill at redhat.com
Wed May 9 19:50:44 UTC 2007 

On Wed, 2007-05-09 at 12:39 -0600, Richard Megginson wrote:
> Karl MacMillan wrote:
> > On Wed, 2007-05-09 at 14:16 -0400, Rob Crittenden wrote:
> >   
> >> Karl MacMillan wrote:
> >>     
> >>> The page http://directory.fedoraproject.org/wiki/Install_Guide suggests
> >>> putting selinux into permissive mode. Why? I've not seen any problems
> >>> running the directory server under enforcing (either fedora-ds-base from
> >>> extras or the full install).
> >>>       
> >> Without looking I suspect it is because the newer packages fit into the 
> >> filesystem better so are probably covered by existing SELinux rules. 
> >> When it was installed in /opt/fedora-ds alone there was no security 
> >> context covering it.
> >>
> >>     
> >
> > Installing into /opt of a recent rawhide showed no problems. Even if it
> > was a problem it would have been a _very_ easy fix either in the policy
> > package or the directory server packages.
> >   
> Try RHEL4.  I know Dan Walsh did a lot of work to write SELinux policies 
> for DS in FC5 or 6, which are also in rawhide.

Do you have a test environment on RHEL 4 I can access - I don't have one
quickly available.

Thanks - Karl

> >   
> >> It probably heavily depends on which release you're installing it onto 
> >> as well.
> >>
> >>     
> >
> > I think that we need to work to resolve any issues and remove that
> > suggestion. At the very least it needs to specify specific OS and
> > directory server releases.
> >   
> Definitely.
> > That blanket statement is very harmful and unnecessary.
> >
> > I'll be happy to help you resolve any issues - just give me the specific
> > problems that you are seeing.
> >
> > Karl
> >
> > --
> > Fedora-directory-devel mailing list
> > Fedora-directory-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-devel
> >   
> --
> Fedora-directory-devel mailing list
> Fedora-directory-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-devel

More information about the Fedora-directory-devel mailing list