[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [OT] SELinux woes

To: openldap-technical@openldap.org
Subject: Re: [OT] SELinux woes
From: Patrick Lists <openldap-list@puzzled.xs4all.nl>
Date: Thu, 17 Jan 2013 07:40:40 +0100
In-reply-to: <CALBCx2fDPDX7J84xpUBpzu1V=MYjquxP9h8c8k8onP6DOGQ5PA@mail.gmail.com>
References: <CALBCx2fDPDX7J84xpUBpzu1V=MYjquxP9h8c8k8onP6DOGQ5PA@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0

On 01/17/2013 07:11 AM, Ori Bani wrote:

All,

Trying to switch to slapd.conf instead of dynamic configuration in
order to test the back-sql backend I ran into a problem with SELinux
that I do not understand.

The startup fails with the error:

/etc/openldap/slapd.conf: line 27: invalid path: Permission denied

They probably have the wrong labels since you created new directories.So SELinux does what it then should do: block. Did you do a restoreconon the new directories?


# restorecon -v -F -R /etc/openldap
# restorecon -v -F -R /var/lib/ldap

The reason that SELinux blocks something should show up as an AVC in/var/log/audit/auditd.log.


Regards,
Patrick

Follow-Ups:
- Re: [OT] SELinux woes
  - From: Ori Bani <oribani@gmail.com>

References:
- [OT] SELinux woes
  - From: Ori Bani <oribani@gmail.com>

Prev by Date: [OT] SELinux woes
Next by Date: Re: Strange ACL evaluation depending on AttributeSelection?
Index(es):
- Chronological
- Thread