[Freeipa-devel] [PATCH] Patch to allow IPA to work with dogtag 10 on f18
Nalin Dahyabhai
nalin at redhat.com
Wed Sep 5 20:43:59 UTC 2012
On Wed, Aug 29, 2012 at 08:48:32AM -0400, Ade Lee wrote:
> Incidentally, I ran this in permissive selinux mode. The following
> rules are required to be added:
>
> #============= certmonger_t ==============
> corenet_tcp_connect_http_cache_port(certmonger_t)
> files_read_var_lib_symlinks(certmonger_t)

On my system, "semanage port -l" shows me:

  http_cache_port_t tcp 8080, 8118, 10001-10010

Are these ports already labeled this way for Dogtag, or is it a
coincidental overlap with some other package? If it's an overlap,
it might be better to switch to using ports which aren't already labeled
for use in policy that applies to some other package.

If not, please open a bug against the selinux-policy component to get
these accesses added to the set that's allowed by the default policy.

Nalin
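
The overlap question above can be checked mechanically. The following is an added example, not part of the original message or of FreeIPA or Dogtag: a shell function (hypothetical name port_types) that reads "semanage port -l" style text and reports which SELinux port types already cover a given port, including ranges such as 10001-10010. The sample input is constructed; only its http_cache_port_t tcp line is taken from the message.

```shell
#!/bin/sh
# Constructed sample in the layout printed by "semanage port -l"
# (type, protocol, comma-separated ports or ranges). Only the
# http_cache_port_t tcp line comes from the message; example_port_t
# and the udp line are made up for illustration.
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 10001-10010
example_port_t                 tcp      9180, 9443
http_cache_port_t              udp      3130'

# port_types PROTO PORT
# Reads "semanage port -l" style text on stdin and prints every SELinux
# port type whose port list covers PORT for PROTO. No output means the
# port is not labeled by any line of the input.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            # Rejoin the port list (fields 3..NF), then split on commas.
            list = ""
            for (i = 3; i <= NF; i++) list = list $i
            n = split(list, items, ",")
            for (i = 1; i <= n; i++) {
                lo = hi = items[i]
                # A "low-high" item is a range; anything else is one port.
                if (split(items[i], r, "-") == 2) { lo = r[1]; hi = r[2] }
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) {
                    print $1
                    break
                }
            }
        }'
}

# On a live system:   semanage port -l | port_types tcp 8080
# Against the sample: printf '%s\n' "$SAMPLE_PORTS" | port_types tcp 10005
```

A port that prints a type belonging to another package's policy is the overlap case raised in the message; an unlabeled port prints nothing.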