Robert Story wrote:
> I'm still getting "modify_principal: Insufficient access to lock
> database" error messages when trying to use kadmin in enforcing mode. I
> ran 'semodule -DB' to re-enable don't audit messages, and I've attached
> what I get when trying to run a kadmin command to add a principal
> (after starting kadmind/krb5kdc... kadmin.log seems to be ok). Any
> hint, tips or policy modules greatly appreciated...
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Looks like this one is causing your problem. Looks like the files were created with the wrong labels or kadmin is not allowed to create.

restorecon -R -v /var/kerberos

I am fixing the policy to allow the creation of the lock files with the correct label.
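Added example, not part of the original message or of the Fedora policy: one way to triage AVC denials like those the original poster attached, grouping them by source type, target type and object class so a mislabeled target stands out. The log lines are constructed samples, and the type and file names in them are illustrative assumptions, not taken from the attachment; `summarize_denials` is a hypothetical helper.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (NOT the poster's attachment); types and names are illustrative.
SAMPLE_LOG = """\
type=AVC msg=audit(1215700000.101:41): avc:  denied  { write } for  pid=2101 comm="kadmind" name="principal.kadm5.lock" dev=dm-0 ino=1001 scontext=system_u:system_r:kadmind_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1215700000.102:42): avc:  denied  { read write } for  pid=2101 comm="kadmind" name="principal.kadm5.lock" dev=dm-0 ino=1001 scontext=system_u:system_r:kadmind_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1215700000.103:43): avc:  denied  { search } for  pid=2200 comm="httpd" name="krb5kdc" dev=dm-0 ino=900 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:krb5kdc_conf_t:s0 tclass=dir
type=SYSCALL msg=audit(1215700000.101:41): arch=40000003 syscall=5 success=no exit=-13 comm="kadmind"
"""

# Permissions, command name, and the source/target contexts of one denial.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)
NAME_RE = re.compile(r'\bname="([^"]*)"')


def summarize_denials(log_text, comm_prefix="kadmin"):
    """Group AVC denials for matching commands by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if not m or not m.group("comm").startswith(comm_prefix):
            continue
        # A context is user:role:type:level; the type is the third field.
        key = (m.group("scon").split(":")[2],
               m.group("tcon").split(":")[2],
               m.group("tclass"))
        groups[key]["perms"].update(m.group("perms").split())
        name = NAME_RE.search(line)
        if name:
            groups[key]["names"].add(name.group(1))
    return {k: {"perms": sorted(v["perms"]), "names": sorted(v["names"])}
            for k, v in groups.items()}


if __name__ == "__main__":
    for (src, tgt, cls), info in summarize_denials(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(info['perms'])} }} "
              f"on {', '.join(info['names'])}")
```

In the constructed sample, the target type on the lock file is a generic one rather than a Kerberos type, which is the kind of labeling problem the `restorecon -R -v /var/kerberos` suggestion above addresses.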