On 03/03/2010 07:44 AM, me wrote: > hi Rich > do you know why it all broke so suddenly with latest update for base policy? > As Rich said, it was a miscommunication between the 389 and SELinux dev teams. We have a 389 specific SELinux policy module that was recently developed but is not released yet. It will be in 389 1.2.6. This policy will confine the ns-slapd daemon to the dirsrv_t domain. A change was made to the base selinux policy to confine 389 to the slapd_t domain, which is the policy used for OpenLDAP. This does not just work with 389 since different paths are used (among other things). This change was backed out of the selinux-policy package at my request. This should be fixed in selinux-policy-3.6.32-92, which is currently in the testing repo. Please see this comment in the bug where this change was made: https://bugzilla.redhat.com/show_bug.cgi?id=559298#c28 I would encourage you to test the fixed selinux-policy package and provide feedback as requested in the bug. Thanks, -NGK > for some users it could be kind of a disaster, if now base policy is > lacking rules for 389 > then some other dependencies, like ones you said of, should be pulled in > automatically > for me it looked like that, everything just crashed, like if there was > no major part > of 389's things in base selinux policy. > I've just yumed 389-ds and no extra deps were looked for with regards to > selinux > tracking seliunx events and rendering custom module for inevitable > I guess lots of people on F12 were having lots of problems today > cheers > > On 03/03/2010 03:07 PM, Rich Megginson wrote: > >> me wrote: >> >> >>> regards >>> >>> >>> >> 389-ds-base 1.2.6.a2 has a selinux sub-package - 389-ds-base-selinux - >> and 389-admin-1.1.11.a2 also - 389-admin-selinux - these are currently >> in the testing repos - yum install/upgrade --enablerepo=updates-testing >> 389-ds-base-selinux 389-admin-selinux >> Not sure if these packages have hit all of the mirrors yet, but if they >> have, try them out (and give us some feedback!) >> >> >>> -- >>> 389 users mailing list >>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>> >>> >>> >> -- >> 389 users mailing list >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> >> > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users > -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users