Great, happy to have helped. Stay in touch! > On 9 Jan 2020, at 23:16, Alberto Viana <albertocrj@xxxxxxxxx> wrote: > > William, > > ~]# ls -alZ /usr/sbin/ns-slapd > -rwxr-xr-x. 1 root root system_u:object_r:dirsrv_exec_t:s0 2182000 Jan 9 13:05 /usr/sbin/ns-slapd > > Autorelabel worked for me. > > About docker/podman, it's the next step for me. > > Thanks. > > On Wed, Jan 8, 2020 at 9:50 PM William Brown <wbrown@xxxxxxx> wrote: > > > > On 9 Jan 2020, at 10:13, Alberto Viana <albertocrj@xxxxxxxxx> wrote: > > > > William, > > > > Build 389 by myself. Also created and loaded an selinux module allowing the needed permissions. I Just wonder if is the right/best way to do that and if is an expected behavior. > > CentOS should have an selinux policy for ns-slapd out of the box though. Can you do ls -alZ on /usr/sbin/ns-slapd for me? > > You may find it could be as simple as "sudo touch /.autorelabel && sudo reboot" to fix the ns-slapd type to dirsrv, then ensure you use systemd to launch it. > > If that doesn't work we can dig further. > > Another advice could be that if you want to run this "yourself" you could consider running it in docker/podman as this will containerise selinux for you, and you have a lot less work to make it work. > > Hope that helps, > > > > > > Thanks > > > > Alberto Viana > > > > On Wed, Jan 8, 2020, 20:58 William Brown <wbrown@xxxxxxx> wrote: > > > > > > > On 9 Jan 2020, at 01:20, Alberto Viana <albertocrj@xxxxxxxxx> wrote: > > > > > > Hi Guys, > > > 389-Directory/1.4.2.5.20200106gitd52700340 B2020.06.1337 > > > CentOS8 > > > > > > I'm getting these alarms due to selinux: > > > > > > SELinux is preventing ns-slapd from getattr access on the directory /sys/fs/pstore. > > > SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/fs/bpf. > > > SELinux is preventing /usr/sbin/ns-slapd from getattr access on the directory /sys/kernel/config. > > > SELinux is preventing /usr/sbin/ns-slapd from read access on the lnk_file lock. > > > SELinux is preventing /usr/sbin/ns-slapd from using the ptrace access on a process. > > > > > > > To confirm, did you install this from the system rpm's or did you build it yourself? > > > > Thanks! > > > > > What is the best approach to deal with this? > > > > > > Thanks > > > > > > Alberto Viana > > > _______________________________________________ > > > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > > > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > > > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx > > > > — > > Sincerely, > > > > William Brown > > > > Senior Software Engineer, 389 Directory Server > > SUSE Labs > > _______________________________________________ > > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx > > _______________________________________________ > > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx > > — > Sincerely, > > William Brown > > Senior Software Engineer, 389 Directory Server > SUSE Labs > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
