[Freeipa-users] Default SELinux user changes on addition of replica?

Rob Crittenden rcritten at redhat.com
Tue Apr 25 15:34:38 UTC 2017


Steve Huston wrote:
> In the last of my testing before deployment, I had a replica server
> setup but things got out of sync somehow.  Yesterday I severed the
> link with the two servers, reimaged the "bad" one, and did some poking
> around on the "good" one while I was at it (clearing out all of the
> real user data in anticipation of making another migration run into
> it).  I remember at one point I had found the default selinux user was
> misconfigured, and I thought it was strange because that's on my
> checklist for installing a server so I know I'd done it.  Oh well,
> changed it to the proper context again and moved on.
> 
> Just this morning I made the new (previously bad) server a replica
> again, and after it finished I happened into the configuration page to
> find the default selinux user is back to unconfined_u:s0-s0:c0.c1023.
> Both servers report this the same, as I would expect, but I don't
> expect or understand why it changed again.
> 
> I don't know that I'll have time to spin up more instances and go
> through the testing to see what/when/how it changed, but I wanted to
> point it out in case someone who does have that time can run with the
> information.
> 

Seems like an update file could reset that but there isn't one that does
this that I can find.

I wonder if you fixed it on the "bad" one after replication had broken
but before you noticed it was broken, so the value was lost when the
"bad" one was dropped.

I guess the only way to know for sure would be to try to duplicate it.

rob



