[Freeipa-users] Re: post-save command to "ipa-getcert request" not working

2021-07-26 Thread Rob Crittenden via FreeIPA-users
Ranbir via FreeIPA-users wrote: > Hello Everyone, > > I'm running an updated CentOS 8 KVM on an up to date CentOS 7 host. My > freeipa servers are CentOS 7 hosts and fully updated, too. In the KVM I'm > requesting a certificate from my freeipa CA, which in and of itself > works just fine. But, when I

[Freeipa-users] Re: Login failed after upgrade

2021-07-26 Thread 胡 玮文 via FreeIPA-users
Hi, It turns out this is a docker specific problem when the container is run with --privileged See https://github.com/freeipa/freeipa-container/issues/383#issuecomment-886708474 for more From: 胡 玮文 Sent: July 26, 2021 11:15 To: freeipa-users@lists.fedora

[Freeipa-users] Re: post-save command to "ipa-getcert request" not working

2021-07-26 Thread Ranbir via FreeIPA-users
On Mon, 2021-07-26 at 08:20 -0400, Rob Crittenden via FreeIPA-users wrote: > Perhaps the command isn't executable? It's definitely executable because I ran the script on its own. The podman command works if I use it directly instead of from the script. That's why I'm confused! > It works fine fo

[Freeipa-users] Re: post-save command to "ipa-getcert request" not working

2021-07-26 Thread Sam Morris via FreeIPA-users
If you are running SELinux in enforcing mode then it's possible that your script is being confined by the certmonger_t domain, which could prevent your file copy from working. You can search for AVC denials related to certmonger_t with the command: # ausearch --interpret --context certmonger_t

[Freeipa-users] Re: post-save command to "ipa-getcert request" not working

2021-07-26 Thread Ranbir via FreeIPA-users
On Mon, 2021-07-26 at 16:38 +, Sam Morris via FreeIPA-users wrote: > If you are running SELinux in enforcing mode then it's possible that > your script is being confined by the certmonger_t domain, which could > prevent your file copy from working. > > You can search for AVC denials related to

[Freeipa-users] Re: Re: Login failed after upgrade

2021-07-26 Thread Rob Crittenden via FreeIPA-users
Thanks for closing the loop on this. It may help others that run into this. regards rob 胡 玮文 via FreeIPA-users wrote: > Hi, > > It turns out this is a docker specific problem when the container is run with > --privileged > > See > https://github.com/freeipa/freeipa-container/issues/383#issueco

[Freeipa-users] Re: post-save command to "ipa-getcert request" not working

2021-07-26 Thread François Cami via FreeIPA-users
On Mon, Jul 26, 2021 at 7:25 PM Ranbir via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > On Mon, 2021-07-26 at 16:38 +, Sam Morris via FreeIPA-users wrote: > > If you are running SELinux in enforcing mode then it's possible that > > your script is being confined by the certmon

[Freeipa-users] Re: post-save command to "ipa-getcert request" not working

2021-07-26 Thread Rob Crittenden via FreeIPA-users
Ranbir via FreeIPA-users wrote: > On Mon, 2021-07-26 at 16:38 +, Sam Morris via FreeIPA-users wrote: >> If you are running SELinux in enforcing mode then it's possible that >> your script is being confined by the certmonger_t domain, which could >> prevent your file copy from working. >> >> You

[Freeipa-users] Revisiting Add user -> custom script

2021-07-26 Thread Chris Candreva via FreeIPA-users
10 years ago, a user asked about running a custom script on user creation, to take care of disk provisioning. https://freeipa-users.redhat.narkive.com/eSX61h7t/add-user-custom-script Having the same need I found this post, however nothing about the posted plugin seems to currently work. I've deter

[Freeipa-users] Re: Revisiting Add user -> custom script

2021-07-26 Thread Rob Crittenden via FreeIPA-users
Chris Candreva via FreeIPA-users wrote: > > 10 years ago, a user asked about running a custom script on user creation, to > take care of disk provisioning. > https://freeipa-users.redhat.narkive.com/eSX61h7t/add-user-custom-script > > Having the same need I found this post, however nothing about the

[Freeipa-users] Re: post-save command to "ipa-getcert request" not working

2021-07-26 Thread Sam Morris via FreeIPA-users
> On Mon, 2021-07-26 at 16:38 +, Sam Morris via FreeIPA-users wrote: > type=PROCTITLE msg=audit(2021-07-26 00:16:16.758:5255) : > proctitle=/usr/sbin/certmonger -S -p /run/certmonger.pid -n -d2 > type=SYSCALL msg=audit(2021-07-26 00:16:16.758:5255) : arch=x86_64 > syscall=execve success=no exi

[Freeipa-users] Re: post-save command to "ipa-getcert request" not working

2021-07-26 Thread Ranbir via FreeIPA-users
On Mon, 2021-07-26 at 08:20 -0400, Rob Crittenden via FreeIPA-users wrote: > [root@ipa] # cat /usr/local/sbin/testme > #!/bin/sh > touch /tmp/hello > [root@ipa]# ls -l /tmp/hello > ls: cannot access '/tmp/hello': No such file or directory > [root@ipa]# ipa-getcert request -f /etc/pki/tls/certs/test

[Freeipa-users] Re: post-save command to "ipa-getcert request" not working

2021-07-26 Thread Ranbir via FreeIPA-users
On Mon, 2021-07-26 at 19:21 -0400, Ranbir via FreeIPA-users wrote: > I ran your test on my server, but it failed to run the command on my > end. Also, the steps reported by certmonger are different for me: > > New signing request "20210726231003" added. > State NEWLY_ADDED_READING_CERT, stuck: no.

[Freeipa-users] Re: post-save command to "ipa-getcert request" not working

2021-07-26 Thread Ranbir via FreeIPA-users
On Mon, 2021-07-26 at 22:02 +, Sam Morris via FreeIPA-users wrote: > > I'm surprised setting your script to certmonger_unconfined_exec_t > didn't help - - can you try the ausearch command after doing so & > confirm that your script is now running in the certmonger_unconfined_t > domain? I ran