Selinux update breaks nscd?
Jason L Tibbitts III
tibbs at math.uh.edu
Thu Jun 16 19:49:03 UTC 2005
>>>>> "JLT" == Jason L Tibbitts, <Jason> writes:
>>>>> "DJW" == Daniel J Walsh <Daniel> writes:
DJW> Yes if you cp it to /usr/share/ssl/certs it should work. FC4 has
DJW> moved these all to /etc/pki...
JLT> Oops, nscd is prevented from even looking in
JLT> /usr/share/ssl/certs:
Just for grins, I created /etc/pki, copied cacert.pem there and did
restorecon -R /etc; it relabeled /etc/pki as system_u:object_r:cert_t
and cacert.pem as root:object_r:cert_t.
Unfortunately still no dice:
audit(1118950843.341:0): avc: denied { search } for pid=27569 exe=/usr/sbin/nscd name=pki dev=dm-0 ino=33637 scontext=root:system_r:nscd_t tcontext=system_u:object_r:cert_t tclass=dir
I'm at a complete loss here; I guess I have to disable nscd, but if
users notice the lack of caching then I'll have no choice but to
disable selinux.
I installed the selinux-policy-targeted SRPM in an attempt to figure
things out but I just don't understand enough about selinux to get
anywhere.
- J<
More information about the fedora-list
mailing list