Robert Story wrote:
> On Thu, 17 Jul 2008 23:30:40 -0400 Eric wrote:
> EP> These indicate to me that cacert.pem and slapd.pem were both created
> EP> in /tmp/ and moved to /etc/openldap. [...]
> EP>
> EP> restorecon -R -v /etc/openldap
> EP>
> EP> After doing that can you send up the denials you get (with dontaudits)
> EP> and if it gives you any more trouble?
>
> No more trouble after that... Sorry for the noise..
>
> EP> Also can you help us understand how these two .pem files were created
> EP> and how they got into /etc/openldap so we can try to fix this for others?
>
> It was just a manual process... generated the certificates on another
> machine and scp'd them to /tmp/ because it's short and easier than
> trying to remember the real path from the HOWTO on another machine...
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

I guess this is the number one thing we need to teach unix administrators.

With SELinux when you get a permission denied message there are 3 things
to check. Ownership, Permissions which all admins have ingrained into
them, and SELinux Label.

chown OWNER PATH
chmod PERM PATH
restorecon PATH
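The three checks from the reply above, as an added example that is not part of the original thread: a shell function that compares a file's owner and mode with expected values and uses a restorecon dry run to see whether the SELinux label differs from the policy default. The function name check_access and its arguments are assumptions made for illustration.

```shell
# Added example, not from the thread. check_access and its arguments are
# hypothetical names chosen for illustration.
# Usage: check_access PATH OWNER MODE
#   e.g. check_access /etc/openldap/cacert.pem root 644
# Returns the number of checks that failed (0 = all three look right).
check_access() {
    local path="$1" want_owner="$2" want_mode="$3" problems=0
    local owner mode label pending

    owner=$(stat -c '%U' "$path") || return 255
    mode=$(stat -c '%a' "$path")

    # 1. Ownership
    if [ "$owner" != "$want_owner" ]; then
        echo "owner is $owner, expected $want_owner: chown $want_owner $path"
        problems=$((problems + 1))
    fi

    # 2. Permissions
    if [ "$mode" != "$want_mode" ]; then
        echo "mode is $mode, expected $want_mode: chmod $want_mode $path"
        problems=$((problems + 1))
    fi

    # 3. SELinux label. A file created in /tmp and moved into place keeps
    # its /tmp label, so ask restorecon what it would change.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        label=$(stat -c '%C' "$path")
        # -n: change nothing, -v: print what would be relabelled
        pending=$(restorecon -n -v "$path" 2>/dev/null)
        if [ -n "$pending" ]; then
            echo "label is $label, not the policy default: restorecon $path"
            problems=$((problems + 1))
        fi
    else
        echo "SELinux not enabled here, label check skipped"
    fi

    return "$problems"
}
```

Because restorecon runs with -n, the function only reports; the suggested chown, chmod or restorecon command is printed for the administrator to run.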