[Freeipa-users] installation fails
Rob Crittenden
rcritten at redhat.com
Fri Sep 9 18:10:46 UTC 2011
Jimmy wrote:
> It's been about 20 mins since I ran the install and did so with SELinux
> disabled. I ran the command you suggested, but with 'today' as the
> argument instead of 'recent'. This is the output:
>
> ausearch -m avc -ts today
> ----
> time->Fri Sep 9 14:24:12 2011
> type=SYSCALL msg=audit(1315578252.415:214): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffbee29a70 a1=c2 a2=1a4 a3=0 items=0 ppid=1
> pid=5578 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
> type=AVC msg=audit(1315578252.415:214): avc: denied { read } for
> pid=5578 comm="ns-slapd" name="lock" dev=sda2 ino=1710
> scontext=unconfined_u:system_r:dirsrv_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
> ----
> time->Fri Sep 9 14:34:12 2011
> type=SYSCALL msg=audit(1315578852.159:215): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffb8d9bb40 a1=c2 a2=1a4 a3=0 items=0 ppid=1
> pid=5627 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
> type=AVC msg=audit(1315578852.159:215): avc: denied { read } for
> pid=5627 comm="ns-slapd" name="lock" dev=sda2 ino=1710
> scontext=unconfined_u:system_r:dirsrv_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
> ----
> time->Fri Sep 9 15:15:11 2011
> type=SYSCALL msg=audit(1315581311.764:223): arch=c000003e syscall=2
> success=no exit=-13 a0=7fff2c58be30 a1=c2 a2=1a4 a3=0 items=0 ppid=1
> pid=5727 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
> type=AVC msg=audit(1315581311.764:223): avc: denied { read } for
> pid=5727 comm="ns-slapd" name="lock" dev=sda2 ino=1710
> scontext=unconfined_u:system_r:dirsrv_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
> ----
> time->Fri Sep 9 15:33:21 2011
> type=SYSCALL msg=audit(1315582401.640:238): arch=c000003e syscall=2
> success=no exit=-13 a0=7fff74555140 a1=c2 a2=1a4 a3=0 items=0 ppid=1
> pid=6092 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
> type=AVC msg=audit(1315582401.640:238): avc: denied { read } for
> pid=6092 comm="ns-slapd" name="lock" dev=sda2 ino=1710
> scontext=unconfined_u:system_r:dirsrv_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
> ----
> time->Fri Sep 9 15:43:21 2011
> type=SYSCALL msg=audit(1315583001.304:239): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffdf7f3ba0 a1=c2 a2=1a4 a3=0 items=0 ppid=1
> pid=6141 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
> type=AVC msg=audit(1315583001.304:239): avc: denied { read } for
> pid=6141 comm="ns-slapd" name="lock" dev=sda2 ino=1710
> scontext=unconfined_u:system_r:dirsrv_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
> ----
> time->Fri Sep 9 18:18:54 2011
> type=SYSCALL msg=audit(1315592334.382:269): arch=c000003e syscall=2
> success=yes exit=9 a0=7fffe3872cc0 a1=c2 a2=1a4 a3=0 items=0 ppid=1
> pid=6292 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
> type=AVC msg=audit(1315592334.382:269): avc: denied { read } for
> pid=6292 comm="ns-slapd" name="lock" dev=sda2 ino=1710
> scontext=unconfined_u:system_r:dirsrv_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
> ----
> time->Fri Sep 9 18:20:26 2011
> type=SYSCALL msg=audit(1315592426.491:284): arch=c000003e syscall=2
> success=yes exit=9 a0=7fffb5102c20 a1=c2 a2=1a4 a3=0 items=0 ppid=1
> pid=6709 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
> type=AVC msg=audit(1315592426.491:284): avc: denied { read } for
> pid=6709 comm="ns-slapd" name="lock" dev=sda2 ino=1710
> scontext=unconfined_u:system_r:dirsrv_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
> ----
> time->Fri Sep 9 18:22:47 2011
> type=SYSCALL msg=audit(1315592567.255:301): arch=c000003e syscall=2
> success=yes exit=9 a0=7fffe8125540 a1=c2 a2=1a4 a3=0 items=0 ppid=1
> pid=7779 auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494
> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
> type=AVC msg=audit(1315592567.255:301): avc: denied { read } for
> pid=7779 comm="ns-slapd" name="lock" dev=sda2 ino=1710
> scontext=unconfined_u:system_r:dirsrv_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
> ----
> time->Fri Sep 9 18:23:07 2011
> type=SYSCALL msg=audit(1315592587.857:305): arch=c000003e syscall=2
> success=yes exit=6 a0=7fffd14031b0 a1=c2 a2=1a4 a3=0 items=0 ppid=1
> pid=7882 auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494
> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
> type=AVC msg=audit(1315592587.857:305): avc: denied { read } for
> pid=7882 comm="ns-slapd" name="lock" dev=sda2 ino=1710
> scontext=unconfined_u:system_r:dirsrv_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
> ----
> time->Fri Sep 9 18:25:29 2011
> type=SYSCALL msg=audit(1315592729.758:316): arch=c000003e syscall=2
> success=yes exit=6 a0=7fffffd7c220 a1=c2 a2=1a4 a3=0 items=0 ppid=1
> pid=8262 auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494
> sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
> exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
> type=AVC msg=audit(1315592729.758:316): avc: denied { read } for
> pid=8262 comm="ns-slapd" name="lock" dev=sda2 ino=1710
> scontext=unconfined_u:system_r:dirsrv_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>
>
> On Fri, Sep 9, 2011 at 1:35 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
> Jimmy wrote:
>
> I temporarily disabled SElinux(echo 0 >/selinux/enforce) and the
> install
> completed. Did I miss something in the documentation? I didn't see
> anything aboud SElinux in the install doc.
>
>
> It should work in enforcing mode.
>
> Can you provide the output of this:
>
> ausearch -m avc -ts recent
>
> This will show us the SELinux denials over the last 10 minutes (recent).
>
> rob
>
>
What version of selinux-policy do you have installed? (rpm -q
selinux-policy)
thanks
rob
More information about the Freeipa-users
mailing list