On 07/19/2010 08:47 AM, Aaron Hagopian wrote:
> Ok this time I think I have hit a legit issue with SELinux and 1.2.6
> RC3.  On my workstation to sync up my ldap server with production I
> take a ldif dump from production and load it into my system with the
> ldif2db.pl script.  For versions 1.2.5 and
> previous that ldif file could be located anywhere that was readable to
> the "nobody" user.  Since upgrading, I try to use the same command and
> get denied because of SELinux.
>
> My real question here is what is an acceptable directory?  I thought
> for sure the /var/lib/dirsrv/slapd-<instance>/ldif/ directory would
> be acceptable but I get a "SELinux is preventing /usr/sbin/ns-slapd
> "read" access on ..." message no matter where I place the LDIF file.

How did you create the ldif file in
"/var/lib/dirsrv/slapd-<instance>/ldif/"?  Did you move the ldif file
there from elsewhere on your system?  That could explain why your ldif
file has an incorrect context of "var_t".

Try creating a new file in "/var/lib/dirsrv/slapd-<instance>/ldif/"
using 'touch', then run 'ls -lZ' to see what the SELinux context is on
that new file.  It should be "dirsrv_var_lib_t".

-NGK

>
> Attached is the full SELinux error.
>
> Thanks,
>
> Aaron
>
>
> On Fri, Jul 16, 2010 at 8:49 AM, Aaron Hagopian <airhead1 at gmail.com>
> wrote:
>
>     As I was looking up the version number of admin I noticed that I
>     had only updated 389-ds* and not 389* so the 389-admin* packages
>     were mismatched.  Once I upgraded everything to what was in
>     updates-testing no more selinux messages, sorry about the confusion.
>
>     Aaron
>
>     2010/7/15 Nathan Kinder <nkinder at redhat.com>
>
>         On 07/15/2010 09:12 AM, Aaron Hagopian wrote:
>>         I upgraded my fedora 13 x86_64 machine to the RC3 using the
>>         rpms in updates-testing and now I cannot start the admin
>>         server with selinux enabled.  I am attaching the selinux
>>         message.  It does start when I disable selinux.
>         What version of 389-admin are you running?
>
>         I'd also like to see the output of 'semodule -l | grep 389'
>         from your system.
>
>         -NGK
>
>>
>>
>>         On Tue, Jul 6, 2010 at 2:38 PM, Rich Megginson
>>         <rmeggins at redhat.com> wrote:
>>
>>             The 389 team is pleased to announce the availability of
>>             Release Candidate 3 of version 1.2.6.  This release has
>>             a few bug fixes.
>>
>>             ***We need your help!  Please help us test this
>>             software.***  It is a release candidate, so it may have
>>             a few glitches, but it has been tested for regressions
>>             and for new feature bugs.  The Fedora system strongly
>>             encourages packages to be in Testing until verified and
>>             pushed to Stable.  If we don't get any feedback while
>>             the packages are in Testing, the packages will remain in
>>             limbo, or get pushed to Stable.
>>
>>             The more testing we get, the faster we can release these
>>             packages to Stable.  See the Release Notes for
>>             information about how to provide testing feedback (or
>>             just send an email to
>>             389-users at lists.fedoraproject.org).
>>
>>             The packages that need testing are:
>>             * 389-ds-base-1.2.6.rc3 - 389-ds-base
>>
>>             More information
>>             * Release Notes - http://port389.org/wiki/Release_Notes
>>             * Install_Guide - http://port389.org/wiki/Install_Guide
>>             * Download - http://port389.org/wiki/Download
>>
>>             === Bugs Fixed ===
>>             This release contains a couple of bug fixes.  The
>>             complete list of bugs fixed is found at the link below.
>>             Note that bugs marked as MODIFIED have been fixed but
>>             are still in testing.
>>             * Tracking bug for 1.2.6 release -
>>             https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_resolved=0
>>             ** Bug 606920 - anonymous resource limit - nstimelimit -
>>             also applied to "cn=directory manager"
>>             ** Bug 604453 - SASL Stress and Server crash: Program
>>             quits with the assertion failure in PR_Poll
>>             ** Bug 605827 - In-place upgrade: upgrade dn format
>>             should not run in setup-ds-admin.pl
>>             ** Bug 578296 - Attribute type entrydn needs to be added
>>             when subtree rename switch is on
>>             ** Bug 609256 - Selinux: pwdhash fails if called via
>>             Admin Server CGI
>>             ** Bug 603942 - null deref in _ger_parse_control() for
>>             subjectdn
>>
>>             --
>>             389 users mailing list
>>             389-users at lists.fedoraproject.org
>>             https://admin.fedoraproject.org/mailman/listinfo/389-users
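
The label check suggested in the reply above, as an added example that is not part of the original thread: it reads "context path" lines in the format printed by `stat -c '%C %n'` and lists files whose SELinux type is not dirsrv_var_lib_t. The sample lines, the file names and the instance name "example" are constructed for illustration.

```shell
#!/bin/sh
# Added example: report files in the 389 DS ldif directory whose SELinux
# type differs from the one the reply says new files there should get.
EXPECTED_TYPE="dirsrv_var_lib_t"

# Extract the type (third field) from a context such as
# "unconfined_u:object_r:var_t:s0". Extra colons in an MLS range
# (s0:c0.c1023) come after the type and do not affect the result.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "<context> <path>" lines on stdin and print "<path> <type>" for
# every file whose type is not EXPECTED_TYPE.
find_mislabeled() {
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        t=$(selinux_type "$ctx")
        if [ "$t" != "$EXPECTED_TYPE" ]; then
            printf '%s %s\n' "$path" "$t"
        fi
    done
}

# Constructed sample: production.ldif stands for a file moved in from
# elsewhere that kept var_t; test.ldif stands for a file created in
# place with touch. "slapd-example" is a placeholder instance name.
SAMPLE='unconfined_u:object_r:var_t:s0 /var/lib/dirsrv/slapd-example/ldif/production.ldif
unconfined_u:object_r:dirsrv_var_lib_t:s0 /var/lib/dirsrv/slapd-example/ldif/test.ldif'

check_sample() {
    printf '%s\n' "$SAMPLE" | find_mislabeled
}

check_sample

# On a live system the same check would be fed real labels:
#   stat -c '%C %n' /var/lib/dirsrv/slapd-<instance>/ldif/* | find_mislabeled
# and a mislabeled file can be reset to the label the loaded policy
# assigns to its path with:
#   restorecon -v /var/lib/dirsrv/slapd-<instance>/ldif/<file>
```

Copying a file into the directory (rather than moving it) also gives it a fresh label, which is why the reply asks how the file got there.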