-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel J Walsh wrote: > Robert Story wrote: >> I'm still getting "modify_principal: Insufficient access to lock >> database" error messages when trying to use kadmin in enforcing mode.I >> ran 'semodule -DB' to re-enable don't audit messages, and I've attached >> what I get when trying to run a kadmin command to add a principal >> (after starting kadmind/krb5kdc... kadmin.log seems to be ok). Any >> hint, tips or policy modules greatly appreciated... > > > >> ------------------------------------------------------------------------ > >> -- >> fedora-selinux-list mailing list >> fedora-selinux-list@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/fedora-selinux-list > Looks like this one is causing your problem. > > > Looks like the files were created with the wrong labels or kadmin is not > allowed to create. > > restorecon -R -v /var/kerberos > > I am fixing the policy to allow the creation of the lock files with the > correct label. We are working on this and should have a fix soon. For now you can use audit2allow to generate custom policy. - -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkh7T3YACgkQrlYvE4MpobM9JACffs3fs+nam6RyGOB+j7XxqwKk l+wAn0pQjytMbwlWSm83qy/a8TrWxCLY =rpmB -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
