Re: MLS enforcing and kerberos

On Fri, 2008-08-22 at 12:51 -0400, Robert Story wrote:
> I'm trying to switch a working kerberos server from targeted/enforcing
> to mls/enforcing.  The krb5kdc daemon starts fine, but kadmin does not.
> There is a single avc in the audit log:
> 
> type=AVC msg=audit(1219421464.372:719): avc:  denied  { getattr } for
> pid=2436 comm="kadmind" path="/var/tmp/kadmin_0" dev=dm-5 ino=82064
> scontext=system_u:system_r:kadmind_t:s0-s15:c0.c1023
> tcontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tclass=file

The real question there is why is that file labeled unlabeled_t?  That
usually indicates that its context was invalidated, e.g. you removed the
type from the policy?

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
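
Added example, not part of the original messages or of any SELinux tool: a small Python parser that pulls the fields out of AVC records like the one quoted above and reports denials whose target type is unlabeled_t, the condition the reply asks about. The function names and the second sample record are constructed for illustration.

```python
import re

# The denial quoted in the message, joined onto one line as in audit.log.
SAMPLE = (
    'type=AVC msg=audit(1219421464.372:719): avc:  denied  { getattr } for '
    'pid=2436 comm="kadmind" path="/var/tmp/kadmin_0" dev=dm-5 ino=82064 '
    'scontext=system_u:system_r:kadmind_t:s0-s15:c0.c1023 '
    'tcontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tclass=file'
)
# Constructed record (not from the thread): same denial against a labeled file.
CONSTRUCTED = SAMPLE.replace("unlabeled_t:s15:c0.c1023", "tmp_t:s0").replace(
    "kadmin_0", "example")

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:range]. The MLS range contains ':' itself
    (s15:c0.c1023), so split at most three times."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        return None
    return {"user": parts[0], "role": parts[1], "type": parts[2],
            "range": parts[3] if len(parts) == 4 else None}

def parse_avc(line):
    """Return the parsed AVC record, or None if the line is not an AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    return {"result": m.group(1), "perms": m.group(2).split(),
            "comm": fields.get("comm"), "path": fields.get("path"),
            "tclass": fields.get("tclass"),
            "scontext": split_context(fields.get("scontext", "")),
            "tcontext": split_context(fields.get("tcontext", ""))}

def unlabeled_targets(lines):
    """Denials whose target carries unlabeled_t, i.e. an invalid context."""
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if (rec and rec["result"] == "denied" and rec["tcontext"]
                and rec["tcontext"]["type"] == "unlabeled_t"):
            hits.append((rec["comm"], rec["path"], rec["tclass"], rec["perms"]))
    return hits

if __name__ == "__main__":
    for hit in unlabeled_targets([SAMPLE, CONSTRUCTED]):
        print(hit)
```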
