[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd-sock v2.4.47 not returning LDIF

On 7/25/19 4:56 PM, Howard Chu wrote:
> Most likely something like SELinux policy has changed
> between Debian 9 and Debian 10.

AFAIK Debian 10 enables AppArmor by default not SELinux. But not sure
whether slapd is confined because AppArmor default policy is "targeted".
Better check with ps auxZ.

E.g. on my system:

ae-dir-p1:~ # ps auxZ | grep slapd
ae-slapd (enforce)              ae-dir-+  1313  [..]

If (enforce) is listed then the process is confined by an AppArmor
profile. Otherwise the process is listed as "unconfined".

If AppArmor profile is causing the issue you might want to watch out for
DENIED lines in auditd log and add the privileges listed as missing.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature