OpenLDAP PID and args files

Paul Howarth paul at city-fan.org
Mon May 22 16:14:47 UTC 2006


FC5 has file contexts for /var/run/slapd.pid and /var/run/slapd.args

# semanage fcontext -l | grep slapd
/var/lib/ldap(/.*)?                                all files          system_u:object_r:slapd_db_t:s0
/etc/ldap/slapd\.conf                              regular file       system_u:object_r:slapd_etc_t:s0
/usr/sbin/slapd                                    regular file       system_u:object_r:slapd_exec_t:s0
/var/run/slapd\.args                               regular file       system_u:object_r:slapd_var_run_t:s0
/var/lib/ldap/replog(/.*)?                         all files          system_u:object_r:slapd_replog_t:s0
/var/run/slapd\.pid                                regular file       system_u:object_r:slapd_var_run_t:s0

However, in FC5 the default slapd.conf file puts these files in 
/var/run/openldap, so the file contexts don't get set properly, at least 
not for the args file:

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

I've fixed this for now using restorecon but it would be nice for policy 
to be fixed. Not sure if it applies to FC4 or not.

Paul.
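
The mismatch described in the message above, as an added example that is not part of the original post: a Python check that reads the pidfile/argsfile paths from slapd.conf and tests them against the listed file-context patterns. The sample inputs are constructed from the post's own listing, the function names are hypothetical, and the patterns are assumed to be matched against the whole path.

```python
import re

# Constructed sample input: the slapd rows from the post's semanage listing,
# each row on one line.
FCONTEXT_LISTING = r"""
/var/lib/ldap(/.*)?          all files     system_u:object_r:slapd_db_t:s0
/etc/ldap/slapd\.conf        regular file  system_u:object_r:slapd_etc_t:s0
/usr/sbin/slapd              regular file  system_u:object_r:slapd_exec_t:s0
/var/run/slapd\.args         regular file  system_u:object_r:slapd_var_run_t:s0
/var/lib/ldap/replog(/.*)?   all files     system_u:object_r:slapd_replog_t:s0
/var/run/slapd\.pid          regular file  system_u:object_r:slapd_var_run_t:s0
"""

# Constructed sample input: the two directives quoted in the post.
SLAPD_CONF = """
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
"""

ROW = re.compile(r"(\S+)\s+(.+?)\s+(\S+:\S+:\S+:\S+)\s*$")

def parse_fcontexts(listing):
    """Return (compiled_pattern, file_class, context) for each listing row."""
    rows = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((re.compile(m.group(1)), m.group(2), m.group(3)))
    return rows

def parse_runtime_files(conf):
    """Return {directive: path} for the pidfile and argsfile directives."""
    found = {}
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].lower() in ("pidfile", "argsfile"):
            found[parts[0].lower()] = parts[1]
    return found

def matching_contexts(path, rows):
    """Contexts of every row whose pattern matches the whole path.
    Precedence between overlapping patterns is not modelled here."""
    return [ctx for regex, _cls, ctx in rows if regex.fullmatch(path)]

def uncovered_paths(conf, listing):
    """Configured runtime files that no listed pattern covers."""
    rows = parse_fcontexts(listing)
    paths = parse_runtime_files(conf).values()
    return sorted(p for p in paths if not matching_contexts(p, rows))

if __name__ == "__main__":
    for path in uncovered_paths(SLAPD_CONF, FCONTEXT_LISTING):
        print("no listed slapd file context covers", path)
```

On the sample input both /var/run/openldap paths are reported, while /var/run/slapd.pid and /var/run/slapd.args would match slapd_var_run_t.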




More information about the fedora-selinux-list mailing list