ldap server + enforcing mode?
Daniel J Walsh
dwalsh at redhat.com
Fri Jul 18 17:22:47 UTC 2008
Robert Story wrote:
> On Thu, 17 Jul 2008 23:30:40 -0400 Eric wrote:
> EP> These indicate to me that cacert.pem and slapd.pem were both created
> EP> in /tmp/ and moved to /etc/openldap. [...]
> EP>
> EP> restorecon -R -v /etc/openldap
> EP>
> EP> After doing that can you send up the denials you get (with dontaudits)
> EP> and if it gives you any more trouble?
>
> No more trouble after that... Sorry for the noise..
>
> EP> Also can you help us understand how these two .pem files were created
> EP> and how they got into /etc/openldap so we can try to fix this for others?
>
> It was just a manual process... generated the certificates on another
> machine and scp'd them to /tmp/ because it's short and easier than
> trying to remember the real path from the HOWTO on another machine...
>
I guess this is the number one thing we need to teach Unix
administrators. With SELinux, when you get a permission denied message
there are 3 things to check: Ownership and Permissions, which all admins
have ingrained into them, and SELinux Label.
chown OWNER PATH
chmod PERM PATH
restorecon PATH
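A read-only version of the three checks from the reply above, as an added example that is not part of the original message. The function name check_access and its OWNER and MODE arguments are assumptions; it relies on GNU stat and on restorecon's -n (change nothing) and -v (report) flags.

```shell
#!/bin/sh
# Added example (not from the original thread): inspect, without changing
# anything, the three things to check after "permission denied".
#
# check_access PATH OWNER MODE
#   OWNER and MODE are the values the admin expects (supplied by the caller).
#   Return status is the number of mismatches found (0 = all three look right).
check_access() {
    path=$1 want_owner=$2 want_mode=$3
    problems=0

    # 1. Ownership (fix with: chown OWNER PATH)
    have_owner=$(stat -c '%U' "$path") || return 255
    if [ "$have_owner" != "$want_owner" ]; then
        echo "owner: $path is owned by $have_owner, expected $want_owner"
        problems=$((problems + 1))
    fi

    # 2. Permissions, in octal (fix with: chmod PERM PATH)
    have_mode=$(stat -c '%a' "$path")
    if [ "$have_mode" != "$want_mode" ]; then
        echo "mode: $path has mode $have_mode, expected $want_mode"
        problems=$((problems + 1))
    fi

    # 3. SELinux label (fix with: restorecon PATH)
    # restorecon -n -v prints a line only for a file it would relabel, so any
    # output means the on-disk label differs from the policy default. That is
    # what happens when a file is created in /tmp and then moved into place.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        relabel=$(restorecon -n -v "$path" 2>/dev/null) || :
        if [ -n "$relabel" ]; then
            echo "label: $relabel"
            problems=$((problems + 1))
        fi
    else
        echo "label: SELinux disabled or tools missing, label check skipped"
    fi

    return "$problems"
}

# Constructed usage; the owner and mode shown are assumed values, not from the thread:
#   check_access /etc/openldap/slapd.pem ldap 640
```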