Aaron Hagopian wrote: > Ok this time I think I have hit a legit issue with SELinux and 1.2.6 > RC3. On my workstation to sync up my ldap server with production I > take a ldif dump from production and load it into my system with the > ldif2db.pl <http://ldif2db.pl> script. For versions 1.2.5 and > previous that ldif file could be located anywhere that was readable to > the "nobody" user. Since upgrading, I try to use the same command and > get denied because of SELinux. > > My real question here is what is an acceptable directory? I thought > for sure the /var/lib/dirsrv/slapd-<instance>/ldif/ directory would > be acceptable but I get a "SELinux is preventing /usr/sbin/ns-slapd > "read" access on ..." message no matter where I place the LDIF file. > > Attached is the full SELinux error. Can you file a bug for this at https://bugzilla.redhat.com/enter_bug.cgi?product=389 ? Thanks > > Thanks, > > Aaron > > > On Fri, Jul 16, 2010 at 8:49 AM, Aaron Hagopian <airhead1@xxxxxxxxx > <mailto:airhead1@xxxxxxxxx>> wrote: > > As I was looking up the version number of admin I noticed that I > had only updated 389-ds* and not 389* so the 389-admin* packages > were mismatched. Once I upgraded everything to what was in > updates-testing no more selinux messages, sorry about the confusion. > > Aaron > > 2010/7/15 Nathan Kinder <nkinder@xxxxxxxxxx > <mailto:nkinder@xxxxxxxxxx>> > > On 07/15/2010 09:12 AM, Aaron Hagopian wrote: >> I upgraded my fedora 13 x86_64 machine to the RC3 using the >> rpms in updates-testing and now I cannot start the admin >> server with selinux enabled. I am attaching the selinux >> message. It does start when I disable selinux. > What version of 389-admin are you running? > > I'd also like to see the output of 'semodule -l | grep 389' > from your system. > > -NGK > >> >> >> On Tue, Jul 6, 2010 at 2:38 PM, Rich Megginson >> <rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>> wrote: >> >> The 389 team is pleased to announce the availability of >> Release >> Candidate 3 of version 1.2.6. This release has a few bug >> fixes. >> >> ***We need your help! Please help us test this >> software.*** It is a >> release candidate, so it may have a few glitches, but it >> has been tested >> for regressions and for new feature bugs. The Fedora system >> strongly encourages packages to be in Testing until >> verified and pushed >> to Stable. If we don't get any feedback while the >> packages are in >> Testing, the packages will remain in limbo, or get pushed >> to Stable. >> >> The more testing we get, the faster we can release these >> packages to >> Stable. See the Release Notes for information about how >> to provide >> testing feedback (or just send an email to >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx>). >> >> The packages that need testing are: >> * 389-ds-base-1.2.6.rc3 - 389-ds-base >> >> More information >> * Release Notes - http://port389.org/wiki/Release_Notes >> * Install_Guide - http://port389.org/wiki/Install_Guide >> * Download - http://port389.org/wiki/Download >> >> === Bugs Fixed === >> This release contains a couple of bug fixes. The >> complete list of bugs >> fixed is found at the link below. Note that bugs marked >> as MODIFIED >> have been fixed but are still in testing. >> * Tracking bug for 1.2.6 release - >> https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_resolved=0 >> <https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_resolved=0> >> ** Bug 606920 - anonymous resource limit - nstimelimit - >> also applied >> to "cn=directory manager" >> ** Bug 604453 - SASL Stress and Server crash: Program >> quits with the >> assertion failure in PR_Poll >> ** Bug 605827 - In-place upgrade: upgrade dn format >> should not run in >> setup-ds-admin.pl <http://setup-ds-admin.pl> >> ** Bug 578296 - Attribute type entrydn needs to be added >> when subtree >> rename switch is on >> ** Bug 609256 - Selinux: pwdhash fails if called via >> Admin Server CGI >> ** Bug 603942 - null deref in _ger_parse_control() for >> subjectdn >> >> -- >> 389 users mailing list >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx> >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> >> >> >> -- >> 389 users mailing list >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx> >> https://admin.fedoraproject.org/mailman/listinfo/389-users > > > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > <mailto:389-users@xxxxxxxxxxxxxxxxxxxxxxx> > https://admin.fedoraproject.org/mailman/listinfo/389-users > > > > ------------------------------------------------------------------------ > > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
