[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Selinux update breaks nscd?



>>>>> "JLT" == Jason L Tibbitts, <Jason> writes:

>>>>> "DJW" == Daniel J Walsh <Daniel> writes:
DJW> Yes if you cp it to /usr/share/ssl/certs it should work.  FC4 has
DJW> moved these all to /etc/pki...

JLT> Oops, nscd is prevented from even looking in
JLT> /usr/share/ssl/certs:

Just for grins, I created /etc/pki, copied cacert.pem there and did
restorecon -R /etc; it relabeled /etc/pki as system_u:object_r:cert_t
and cacert.pem as root:object_r:cert_t.

Unfortunately still no dice:

audit(1118950843.341:0): avc:  denied  { search } for  pid=27569 exe=/usr/sbin/nscd name=pki dev=dm-0 ino=33637 scontext=root:system_r:nscd_t tcontext=system_u:object_r:cert_t tclass=dir

I'm at a complete loss here; I guess I have to disable nscd, but if
users notice the lack of caching then I'll have no choice but to
disable selinux.

I installed the selinux-policy-targeted SRPM in an attempt to figure
things out but I just don't understand enough about selinux to get
anywhere.

 - J<


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]