Re: [389-users] Announcing 389 Directory Server 1.2.6 Release Candidate 3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 07/19/2010 08:47 AM, Aaron Hagopian wrote:
Ok this time I think I have hit a legit issue with SELinux and 1.2.6 RC3.  On my workstation to sync up my ldap server with production I take a ldif dump from production and load it into my system with the ldif2db.pl script.  For versions 1.2.5 and previous that ldif file could be located anywhere that was readable to the "nobody" user.  Since upgrading, I try to use the same command and get denied because of SELinux.  

My real question here is what is an acceptable directory?  I thought for sure the /var/lib/dirsrv/slapd-<instance>/ldif/  directory would be acceptable but I get a "SELinux is preventing /usr/sbin/ns-slapd "read" access on ..." message no matter where I place the LDIF file.
How did you create the ldif file in "/var/lib/dirsrv/slapd-<instance>/ldif/"?  Did you move the ldif file there from elsewhere on your system?  That could explain why your ldif file has an incorrect context of "var_t".

Try creating a new file in "/var/lib/dirsrv/slapd-<instance>/ldif/" using 'touch', then run 'ls -lZ' to see what the SELinux context is on that new file.  It should be "dirsrv_var_lib_t".

-NGK

Attached is the full SELinux error.

Thanks,

Aaron


On Fri, Jul 16, 2010 at 8:49 AM, Aaron Hagopian <airhead1@xxxxxxxxx> wrote:
As I was looking up the version number of admin I noticed that I had only updated 389-ds* and not 389* so the 389-admin* packages were mismatched.  Once I upgraded everything to what was in updates-testing no more selinux messages, sorry about the confusion.

Aaron

2010/7/15 Nathan Kinder <nkinder@xxxxxxxxxx>

On 07/15/2010 09:12 AM, Aaron Hagopian wrote:
I upgraded my fedora 13 x86_64 machine to the RC3 using the rpms in updates-testing and now I cannot start the admin server with selinux enabled.  I am attaching the selinux message.  It does start when I disable selinux.
What version of 389-admin are you running?

I'd also like to see the output of 'semodule -l | grep 389' from your system.

-NGK



On Tue, Jul 6, 2010 at 2:38 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
The 389 team is pleased to announce the availability of Release
Candidate 3 of version 1.2.6.  This release has a few bug fixes.

***We need your help!  Please help us test this software.***  It is a
release candidate, so it may have a few glitches, but it has been tested
for regressions and for new feature bugs.  The Fedora system
strongly encourages packages to be in Testing until verified and pushed
to Stable.  If we don't get any feedback while the packages are in
Testing, the packages will remain in limbo, or get pushed to Stable.

The more testing we get, the faster we can release these packages to
Stable.  See the Release Notes for information about how to provide
testing feedback (or just send an email to
389-users@xxxxxxxxxxxxxxxxxxxxxxx).

The packages that need testing are:
* 389-ds-base-1.2.6.rc3 - 389-ds-base

More information
* Release Notes - http://port389.org/wiki/Release_Notes
* Install_Guide - http://port389.org/wiki/Install_Guide
* Download - http://port389.org/wiki/Download

=== Bugs Fixed ===
This release contains a couple of bug fixes.  The complete list of bugs
fixed is found at the link below.  Note that bugs marked as MODIFIED
have been fixed but are still in testing.
* Tracking bug for 1.2.6 release -
https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_resolved=0
**  Bug 606920 - anonymous resource limit - nstimelimit - also applied
to "cn=directory manager"
** Bug 604453 - SASL Stress and Server crash: Program quits with the
assertion failure in PR_Poll
** Bug 605827 - In-place upgrade: upgrade dn format should not run in
setup-ds-admin.pl
** Bug 578296 - Attribute type entrydn needs to be added when subtree
rename switch is on
** Bug 609256 - Selinux: pwdhash fails if called via Admin Server CGI
** Bug 603942 - null deref in _ger_parse_control() for subjectdn

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux