type=SYSCALL msg=audit(1299852348.354:93): arch=c000003e syscall=49 success=yes exit=0 a0=7 a1=7fffd86a25c0 a2=1c a3=0 items=0 ppid=12043 pid=12044 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ns-slapd" exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1299852348.354:93): avc: denied { name_bind } for pid=12044 comm="ns-slapd" src=7390 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
time->Fri Mar 11 09:05:48 2011
type=SYSCALL msg=audit(1299852348.355:94): arch=c000003e syscall=4 success=yes exit=0 a0=7fffd86a18f0 a1=7fffd86a1830 a2=7fffd86a1830 a3=7fffd86a1660 items=0 ppid=12043 pid=12044 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ns-slapd" exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1299852348.355:94): avc: denied { read } for pid=12044 comm="ns-slapd" name="cert8.db" dev=dm-0 ino=173411 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:object_r:dirsrv_config_t:s0 tclass=lnk_file
In order to do TLS we had to define an SSL port, so I picked 7390. Trying to set it to resulted in an error that it had to be between 1 and 64k. We really don't need an SSL listener, so if there is another way to avoid this I'd rather go that route.
I symlinked the NSS databases because they can share the same cert and it means we don't need another certmonger invocation. I was hoping this cheat would work, apparently not.
attachment freeipa-rcrit-752-selinux.patch
https://bugzilla.redhat.com/show_bug.cgi?id=684269
master: 861d1bb
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.0.4 RC4 (bug fixing)
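An added example, not part of the ticket or of FreeIPA's code: this Python parser turns the AVC records quoted above into permission, object and SELinux type fields, so the two denials can be compared side by side (name_bind on port 7390 labeled port_t, and read on the cert8.db symlink). The names Denial, parse_avc and summarize are assumptions chosen for illustration.

```python
import re
from collections import namedtuple

# AVC portions of the two audit records quoted in this ticket.
AUDIT_LINES = [
    'type=AVC msg=audit(1299852348.354:93): avc: denied { name_bind } for '
    'pid=12044 comm="ns-slapd" src=7390 '
    'scontext=unconfined_u:system_r:dirsrv_t:s0 '
    'tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket',
    'type=AVC msg=audit(1299852348.355:94): avc: denied { read } for '
    'pid=12044 comm="ns-slapd" name="cert8.db" dev=dm-0 ino=173411 '
    'scontext=unconfined_u:system_r:dirsrv_t:s0 '
    'tcontext=unconfined_u:object_r:dirsrv_config_t:s0 tclass=lnk_file',
]

# Hypothetical record type for this example.
Denial = namedtuple("Denial", "serial perms comm source_type target_type tclass obj")

# Match one AVC denial; stop before any following record run onto the same line.
AVC_RE = re.compile(
    r'type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\):\s+avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*?)(?=\s+type=\w+ msg=|$)'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Parse a single AVC denial, or return None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    # The denied object is a file name, a path, or (for name_bind) a port.
    obj = kv.get("name") or kv.get("path") or kv.get("src")
    return Denial(int(m.group("serial")), tuple(m.group("perms").split()),
                  kv.get("comm"), selinux_type(kv.get("scontext", "")),
                  selinux_type(kv.get("tcontext", "")), kv.get("tclass"), obj)

def summarize(lines):
    """Return the parsed denials found in an iterable of audit log lines."""
    return [d for d in map(parse_avc, lines) if d is not None]

if __name__ == "__main__":
    for d in summarize(AUDIT_LINES):
        print(f"{d.comm} ({d.source_type}) denied {','.join(d.perms)} "
              f"on {d.tclass} {d.obj} ({d.target_type})")
```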