#822 SELinux error when nis listener is
Closed: Fixed None Opened 13 years ago by rcritten.

On F-14, after running ipa-nis-manage enable and restarting dirsrv, the restart fails and this is logged in the audit log:

type=AVC msg=audit(1295547915.331:4111): avc: denied { node_bind } for pid=23494 comm="ns-slapd" src=965 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=udp_socket

I'm guessing that after resolving this more errors may pop up.


I think this is a complete list of the AVCs I'm seeing:

type=AVC msg=audit(1295547915.331:4111): avc:  denied  { node_bind } for  pid=23494 comm="ns-slapd" src=965 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=udp_socket
type=AVC msg=audit(1295548287.301:4113): avc:  denied  { create } for  pid=23543 comm="ns-slapd" scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:system_r:dirsrv_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1295549851.635:4114): avc:  denied  { create } for  pid=23550 comm="ns-slapd" scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:system_r:dirsrv_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1295550044.067:4116): avc:  denied  { connect } for  pid=23675 comm="ns-slapd" scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:system_r:dirsrv_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1295550136.493:4123): avc:  denied  { connect } for  pid=23682 comm="ns-slapd" scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:system_r:dirsrv_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1295550324.494:4126): avc:  denied  { write } for  pid=23809 comm="ns-slapd" name="log" dev=devtmpfs ino=9816 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file
type=AVC msg=audit(1295550540.437:4130): avc:  denied  { sendto } for  pid=23933 comm="ns-slapd" path="/dev/log" scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1295550939.062:4133): avc:  denied  { write } for  pid=24055 comm="ns-slapd" scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:system_r:dirsrv_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1295550939.065:4134): avc:  denied  { write } for  pid=24055 comm="ns-slapd" scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:system_r:dirsrv_t:s0 tclass=unix_dgram_socket

Appears to be fixed in selinux-policy-3.9.7-27. This has not hit updates-testing yet; I pulled the rpms from koji.

This has been pushed to updates-testing.
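As an added example (not part of the ticket or of FreeIPA's code), the sketch below collapses a subset of the AVC records listed in this ticket into one line per source type, target type and object class, written in policy `allow` syntax so the denied accesses can be compared against what an updated selinux-policy grants. The function names are this example's own, and the regex assumes the `type=AVC` layout shown in the ticket.

```python
import re
from collections import defaultdict

# Sample input: a subset of the AVC records copied from the ticket.
SAMPLE = """\
type=AVC msg=audit(1295547915.331:4111): avc:  denied  { node_bind } for  pid=23494 comm="ns-slapd" src=965 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=udp_socket
type=AVC msg=audit(1295548287.301:4113): avc:  denied  { create } for  pid=23543 comm="ns-slapd" scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:system_r:dirsrv_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1295550044.067:4116): avc:  denied  { connect } for  pid=23675 comm="ns-slapd" scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:system_r:dirsrv_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1295550324.494:4126): avc:  denied  { write } for  pid=23809 comm="ns-slapd" name="log" dev=devtmpfs ino=9816 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file
type=AVC msg=audit(1295550540.437:4130): avc:  denied  { sendto } for  pid=23933 comm="ns-slapd" path="/dev/log" scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1295550939.062:4133): avc:  denied  { write } for  pid=24055 comm="ns-slapd" scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:system_r:dirsrv_t:s0 tclass=unix_dgram_socket
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def se_type(context):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]

def summarize(log_text):
    """Group denials by (source type, target type, class); merge permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial, or a layout this regex does not cover
        key = (se_type(m["scon"]), se_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return grouped

def as_rules(grouped):
    """Render each group in policy 'allow' syntax, as a review aid."""
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        target = "self" if src == tgt else tgt  # same type on both sides
        plist = sorted(perms)
        body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {target}:{cls} {body};")
    return rules

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```

The six sample records reduce to four lines: the UDP `node_bind` for the listener, the daemon's own datagram socket, and the two accesses needed to reach `/dev/log`.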

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)

7 years ago
