[Freeipa-devel] FreeIPA beta1: SELinux prohibits memcached
Martin Kosek
mkosek at redhat.com
Tue Mar 20 12:28:49 UTC 2012
On Tue, 2012-03-20 at 13:14 +0100, Marco Pizzoli wrote:
> Hi Martin,
>
> On Tue, Mar 20, 2012 at 1:02 PM, Martin Kosek <mkosek at redhat.com>
> wrote:
> On Tue, 2012-03-20 at 12:44 +0100, Marco Pizzoli wrote:
> > Hi guys,
> > I don't know if you already know this, but in my logs I can
> find this:
> >
> >
> > Mar 20 12:14:47 freeipa01 setroubleshoot: SELinux is
> > preventing /usr/bin/memcached from create access on the
> sock_file
> > ipa_memcached. For complete SELinux messages. run sealert -l
> > 85b51f4e-3f2e-4e7d-819f-1efb04836de3
> >
> >
> > I'm running:
> >
> >
> > [root at freeipa01 ipa]# rpm -qa|grep freeipa
> > freeipa-server-selinux-2.1.90.rc1-0.fc16.x86_64
> > freeipa-client-2.1.90.rc1-0.fc16.x86_64
> > freeipa-server-2.1.90.rc1-0.fc16.x86_64
> > freeipa-admintools-2.1.90.rc1-0.fc16.x86_64
> > freeipa-python-2.1.90.rc1-0.fc16.x86_64
> >
> >
> > HTH
> > Marco
>
>
> Hello Marco,
>
> there is a SELinux policy where this issue is fixed:
> https://admin.fedoraproject.org/updates/FEDORA-2012-2733/selinux-policy-3.10.0-80.fc16
>
> Its still in updates-testing though. This is an appropriate
> BZ:
> https://bugzilla.redhat.com/show_bug.cgi?id=783592
>
>
> Thanks for your answer.
> Just to be aligned, actually it's not still available on the
> updates-testing channel too.
> I see on the cli that I cannot update to that release and by looking
> at the link you posted I see it has still to be pushed -> current
> state: pending.
>
>
> Thanks again
> Marco
You are right, its not there yet. You can just download and install
fixed RPM from koji (there is a link on Fedora update file), but it is
of course a SElinux policy version without proper community testing. I
tried it and it worked for me, no AVC raised.
Martin
More information about the Freeipa-devel
mailing list