Description of problem: Some customers upgrade only 389-ds-base and it's dependencies during 7.2 -> 7.3 upgrade. 389-ds-base-1.3.5 depends on >=selinux-policy-3.13.1-75 From changelog: Resolves: rhbz#1336722 - Directory Server (389-ds-base) has been updated to use systemd-ask-password. In order to function correctly we need the following added to dirsrv.te Currently 389-ds-base doesn't have a hard dependency on particular version. So if customer has configured SSL with pin.txt and later decides to delete pin, ns-slapd won't start. Version-Release number of selected component (if applicable): 389-ds-base-1.3.5.10-11.el7 How reproducible: always Steps to Reproduce: 1. On RHEL7.2 configure an instance with SSL and pin.txt 1. yum update 389-ds-base (to 7.3 version) 2. remove pin.txt 3. restart-dirsrv Actual results: Nov 18 05:05:04 qeos-33.lab.eng.rdu2.redhat.com systemd[1]: Starting 389 Directory Server qeos-33.... Nov 18 05:05:04 qeos-33.lab.eng.rdu2.redhat.com ns-slapd[3240]: [18/Nov/2016:05:05:04.944897933 -0500] SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password. Nov 18 05:05:04 qeos-33.lab.eng.rdu2.redhat.com ns-slapd[3240]: SVRCORE systemd:getPin() -> creating socket FAILED 7 Nov 18 05:05:04 qeos-33.lab.eng.rdu2.redhat.com ns-slapd[3240]: [18/Nov/2016:05:05:04.946416549 -0500] slapd_ssl_init - Unable to authenticate (Netscape Portable Runtime error -8177 - The security password entered is incorrect.)[18/Nov/2016:05:05:04.947076107 -0500] ERROR: SSL Initialization Failed. Disabling SSL. Nov 18 05:05:04 qeos-33.lab.eng.rdu2.redhat.com ns-slapd[3240]: [18/Nov/2016:05:05:04.947821887 -0500] 389-Directory/1.3.5.10 B2016.257.1817 starting up Nov 18 05:05:05 qeos-33.lab.eng.rdu2.redhat.com ns-slapd[3240]: [18/Nov/2016:05:05:05.037750034 -0500] slapd started. Listening on All Interfaces port 389 for LDAP requests Nov 18 05:05:05 qeos-33.lab.eng.rdu2.redhat.com systemd[1]: Started 389 Directory Server qeos-33.. ausearch -m AVC: time->Fri Nov 18 05:05:04 2016 type=SYSCALL msg=audit(1479463504.946:488): arch=c000003e syscall=49 success=no exit=-13 a0=a a1=7ffc0659add0 a2=6e a3=7ffc0659ab40 items=0 ppid=1 pid=3240 auid=4294967295 uid=389 gid=389 euid=389 suid=389 fsuid=389 egid=389 sgid=389 fsgid=389 tty=(none) ses=4294967295 comm="ns-slapd" exe="/usr/sbin/ns-slapd" subj=system_u:system_r:dirsrv_t:s0 key=(null) type=AVC msg=audit(1479463504.946:488): avc: denied { write } for pid=3240 comm="ns-slapd" name="ask-password" dev="tmpfs" ino=6668 scontext=system_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:systemd_passwd_var_run_t:s0 tclass=dir Expected results: selinux-policy should updated as well Additional info:
Metadata Update from @nhosoi: - Issue set to the milestone: 1.3.6.0
Metadata Update from @mreynolds: - Issue close_status updated to: None - Issue set to the milestone: 1.3.7 backlog (was: 1.3.6.0)
Fixed in upstream & downstream specfiles
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to None - Custom field version adjusted to None - Issue close_status updated to: fixed - Issue set to the milestone: 1.3.7.0 (was: 1.3.7 backlog) - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2105
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Login to comment on this ticket.