nscd with selinux with ssl

Farkas Levente lfarkas at bppiac.hu
Thu Mar 31 16:07:19 UTC 2005


Daniel J Walsh wrote:
> Farkas Levente wrote:
> 
>> hi,
>> i try to use nscd with ldap and tls. in this case you should define a 
>> cacert, cert and key file for nss. but afaik there is no default place 
>> to put these file and there is no default policy to allow nscd to read 
>> any kind of pem file(s). it'd be useful to define a standard place for 
>> these cert files and allow nscd to read these files.
>> yours.
>>
> /usr/share/ssl/certs??
> 
> Although I still think this stuff belongs in /etc but I don't make the 
> rules.

the first thing i always do after a fresh install:
----------------------------
mv /usr/share/ssl /etc
cd /usr/share
ln -s /etc/ssl
----------------------------
:-) so i definitely agree with you. i don't know who makes this rule, but 
it'd be _very_ useful to convince him, that config files should have to 
be under somewhere /etc/ (but that's another story).
and my current pem files are under /etc/ssl/,
----------------------------
# ls -aZ /etc/ssl/certs/cacert.pem
-rw-r--r--  root     root     root:object_r:usr_t /etc/ssl/certs/cacert.pem
----------------------------
and in my messages:
----------------------------
Mar 31 17:08:23 kek kernel: audit(1112281703.777:0): avc:  denied  { read } for  pid=14271 exe=/usr/sbin/nscd name=cacert.pem dev=md0 ino=2291612 scontext=root:system_r:nscd_t tcontext=root:object_r:usr_t tclass=file
----------------------------
that's why i ask for it:-)
yours.

-- 
   Levente                               "Si vis pacem para bellum!"
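
An added example, not part of the original message: a small Python parser that reads the AVC denial quoted above and derives the type-enforcement rule the denial corresponds to (source type, target type, class, permission). The function names are hypothetical; the sample record is copied from the message, and whitespace is collapsed so a mail-wrapped record parses too.

```python
import re

# AVC record copied from the message above, wrapped as a mail client wraps it.
SAMPLE = """Mar 31 17:08:23 kek kernel: audit(1112281703.777:0): avc:  denied  {
read } for  pid=14271 exe=/usr/sbin/nscd name=cacert.pem dev=md0
ino=2291612 scontext=root:system_r:nscd_t tcontext=root:object_r:usr_t
tclass=file"""

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)

def parse_avc(record):
    """Return the fields of one AVC record as a dict, or None if it is not one."""
    flat = " ".join(record.split())          # undo line wrapping
    m = AVC_RE.search(flat)
    if not m:
        return None
    # Remaining tokens are key=value pairs (values here contain no spaces).
    fields = dict(tok.split("=", 1) for tok in m.group("rest").split() if "=" in tok)
    fields["result"] = m.group("result")
    fields["perms"] = m.group("perms").split()
    return fields

def type_of(context):
    """Security context is user:role:type[:range]; return the type field."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("not a security context: %r" % context)
    return parts[2]

def candidate_rule(avc):
    """Build the allow rule that matches exactly what the record denied."""
    perms = avc["perms"]
    perm = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (
        type_of(avc["scontext"]), type_of(avc["tcontext"]), avc["tclass"], perm)

if __name__ == "__main__":
    avc = parse_avc(SAMPLE)
    print(avc["exe"], "->", avc["name"], avc["perms"])
    print(candidate_rule(avc))
```

The derived rule covers every file labelled usr_t, which is why the thread asks for a standard location (and so a dedicated label) for the certificate files instead.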



