Sending to the list as well. I hate reply-to: :)

Robert Story wrote:
> I'm trying to get ldap (from openldap-servers-2.4.8-6) running in enforcing mode on a F9 server. When I try in enforcing mode, it fails. I've attached the AVCs from the audit log, for 'service ldap start' in enforcing and permissive mode (with don't audit disabled), along with the AVCs after the first round were passed through audit2allow and loaded. After those are added and loaded, it starts up fine with no AVCs...

What exactly did audit2allow tell you to add?

From the AVCs this looks like a mislabelled cert - /etc/openldap/cacerts/cacert.pem, which is labelled as user_tmp_t.

What is reported by this:

# restorecon -Rnv /etc/openldap/cacerts

The CA certificate you have there wasn't moved from /tmp by any chance?

Stuart
--
Stuart Sears RHCA etc.
"It's today!" said Piglet.
"My favourite day," said Pooh.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
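
A triage pass over AVC denials along the lines of the reply above, as an added example that is not part of the original thread: it separates denials whose target carries a scratch or home type (a relabel candidate for restorecon) from denials that need a policy review. The log lines, their paths and the `SUSPECT_TYPES` list are constructed assumptions, since the attached AVCs are not on the page.

```python
import re

# Assumption: these types belong to scratch/home locations, so seeing one as
# the target of a confined daemon's denial suggests a moved file (mv keeps the
# source label) rather than a gap in policy.
SUSPECT_TYPES = {"user_tmp_t", "tmp_t", "user_home_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample audit.log lines (not taken from the thread).
SAMPLE_LOG = [
    'type=AVC msg=audit(1214900000.101:40): avc:  denied  { read } for  pid=2345 '
    'comm="slapd" name="cacert.pem" dev=dm-0 ino=12345 '
    'scontext=unconfined_u:system_r:slapd_t:s0 '
    'tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1214900000.101:40): arch=40000003 syscall=5 success=no',
    'type=AVC msg=audit(1214900000.202:41): avc:  denied  { write } for  pid=2345 '
    'comm="slapd" path="/var/run/openldap/slapd.pid" dev=dm-0 ino=67890 '
    'scontext=unconfined_u:system_r:slapd_t:s0 '
    'tcontext=system_u:object_r:var_run_t:s0 tclass=file',
]

def parse_avc(line):
    """Return the key=value fields of an AVC denial, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def context_type(ctx):
    """Extract the type from a user:role:type[:level] security context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ""

def triage(lines):
    """Yield (verdict, comm, target, target_type) for each denial."""
    findings = []
    for line in lines:
        avc = parse_avc(line)
        if avc is None:
            continue  # SYSCALL, PATH and other record types
        ttype = context_type(avc.get("tcontext", ""))
        target = avc.get("path") or avc.get("name") or "?"
        verdict = "relabel" if ttype in SUSPECT_TYPES else "review"
        findings.append((verdict, avc.get("comm", "?"), target, ttype))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

A "relabel" verdict is a prompt to run the `restorecon -Rnv` dry run on the containing directory before loading anything audit2allow generated.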