selinux prohibiting sssd usage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I've got a CentOS 6 machine that's slated to go into production 
providing some web and development-repository services.

Part of the environment is gitweb, which works as expected with one 
glitch: SELinux doesn't allow gitweb.cgi to query sssd to display who 
owns the repositories.

The audit log entries are pretty straightforward, e.g.,

type=AVC msg=audit(XXXXXXXXXXXX): avc:  denied { search } for 
pid=XXXX comm="gitweb.cgi" name="sss" dev=XXX ino=XXXXXXXXXXX 
scontext=unconfined_u:system_r:httpd_git_script_t:s0 
tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir

I'll use audit2allow to build a custom policy if need be, but what I'd 
really like to hear is that there's an SELinux boolean that can be 
tweaked or a file context that can be altered to make things work as 
expected.

-- 
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux