kerberos server + enforcing mode?
Daniel J Walsh
dwalsh at redhat.com
Mon Jul 14 13:07:02 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Daniel J Walsh wrote:
> Robert Story wrote:
>> I'm still getting "modify_principal: Insufficient access to lock
>> database" error messages when trying to use kadmin in enforcing mode.I
>> ran 'semodule -DB' to re-enable don't audit messages, and I've attached
>> what I get when trying to run a kadmin command to add a principal
>> (after starting kadmind/krb5kdc... kadmin.log seems to be ok). Any
>> hint, tips or policy modules greatly appreciated...
>
>
>
>> ------------------------------------------------------------------------
>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> Looks like this one is causing your problem.
>
>
> Looks like the files were created with the wrong labels or kadmin is not
> allowed to create.
>
> restorecon -R -v /var/kerberos
>
> I am fixing the policy to allow the creation of the lock files with the
> correct label.
We are working on this and should have a fix soon. For now you can use
audit2allow to generate custom policy.
- --
fedora-selinux-list mailing list
fedora-selinux-list at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkh7T3YACgkQrlYvE4MpobM9JACffs3fs+nam6RyGOB+j7XxqwKk
l+wAn0pQjytMbwlWSm83qy/a8TrWxCLY
=rpmB
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list