On Fri, 2005-09-02 at 12:07 -0400, Stephen Smalley wrote: > On Fri, 2005-09-02 at 16:37 +0100, Keith Sharp wrote: > > Looks like the file /var/tmp/krb5kdc_rcache doesn't have a security > > context: > > > > [root@server ~]# ls -alZ /var/tmp/ > > drwxrwxrwt root root system_u:object_r:tmp_t . > > drwxr-xr-x root root system_u:object_r:var_t .. > > -rw------- root root root:object_r:kadmind_tmp_t kadmin_0 > > -rw------- root root krb5kdc_rcache > > > > How should I go about fixing this? > > This is a result of previously booting with SELinux disabled; while > SELinux is disabled, any files created won't be assigned security > contexts. Switching to permissive mode is better than disabling SELinux > entirely, and can be done temporarily with /usr/sbin/setenforce 0 > without needing to touch /etc/selinux/config or reboot. That continues > to label files but allows all accesses and just logs the denials for > review in the audit.log. > > Assuming that this file is just a temporary cache, I'd suggest removing > it (or moving it aside), and then restart the process that created it in > the first place with SELinux enabled (but permissive, if necessary). Removing the file and re-running "service krb5kdc start" seems to have solved the problem. Thanks, Keith. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
