[Freeipa-users] ipa-getcert and SELinux
Thomas Raehalme
thomas.raehalme at aitiofinland.com
Mon Mar 14 08:12:29 UTC 2016
Hi!
On Mon, Mar 7, 2016 at 11:20 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> It may be preferable to label the /var/lib/puppet/ssl/* directories as
> certmonger_var_lib_t but I don't know what would do to puppet. You could
> trade one problem for another. A BZ against selinux might be warranted
> to see what they think.
>
Thanks for the detailed instructions!
I found the issue https://bugzilla.redhat.com/show_bug.cgi?id=1062470 where
certmonger was granted READ access to Puppet libs. I wonder why WRITE
access was not added?
Best regards,
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160314/ce2e391e/attachment.htm>
More information about the Freeipa-users
mailing list