Selinux update breaks nscd?
Jason L Tibbitts III
tibbs at math.uh.edu
Wed Jun 15 18:11:19 UTC 2005
>>>>> "DJW" == Daniel J Walsh <Daniel> writes:
DJW> Jason L Tibbitts III wrote:
>>>>>>> "DJW" == Daniel J Walsh <Daniel> writes:
>>>>>>>
>>>>>>>
>>
DJW> Did you guys simultaneously update the kernel?
>> I'm running the latest kernel (2.6.11-1.27_FC3) but it was
>> installed on May 25 while the selinux-policy-targeted wasn't
>> updated to 1.17.30-3.2 until June 13.
>>
>>
DJW> Ok can you update to selinux-policy-targeted-1.17.30-3.9 policy
DJW> [...] And tell me if that fixes it.
Partially. The nscd control socket stuff (-g, -K, -i) works fine, but
it still gets traps access to /usr/share/ssl/certs/cacert.pem:
audit(1118858107.560:0): avc: denied { read } for pid=3205 exe=/usr/sbin/nscd name=cacert.pem dev=dm-3 ino=786433 scontext=user_u:system_r:nscd_t tcontext=user_u:object_r:usr_t tclass=file
and thus can't talk to the LDAP server to look up users. I will tack
this onto the bugzilla entry.
- J<
More information about the fedora-list
mailing list