On 07/19/2010 08:47 AM, Aaron Hagopian wrote:
Ok this time I think I have hit a legit issue with SELinux and 1.2.6
RC3. On my workstation to sync up my ldap server with production I
take a ldif dump from production and load it into my system with the
ldif2db.pl script. For versions 1.2.5 and
previous that ldif file could be located anywhere that was readable to
the "nobody" user. Since upgrading, I try to use the same command and
get denied because of SELinux.
My real question here is what is an acceptable directory? I thought
for sure the /var/lib/dirsrv/slapd-<instance>/ldif/ directory would
be acceptable but I get a "SELinux is preventing /usr/sbin/ns-slapd
"read" access on ..." message no matter where I place the LDIF file.
How did you create the ldif file in
"/var/lib/dirsrv/slapd-<instance>/ldif/"? Did you move the ldif file
there from elsewhere on your system? That could explain why your ldif
file has an incorrect context of "var_t".
Try creating a new file in "/var/lib/dirsrv/slapd-<instance>/ldif/"
using 'touch', then run 'ls -lZ' to see what the SELinux context is on
that new file. It should be "dirsrv_var_lib_t".
-NGK
Attached is the full SELinux error.
Thanks,
Aaron
On Fri, Jul 16, 2010 at 8:49 AM, Aaron Hagopian <airhe...@gmail.com> wrote:
As I was looking up the version number of admin I noticed that I
had only updated 389-ds* and not 389* so the 389-admin* packages
were mismatched. Once I upgraded everything to what was in
updates-testing no more selinux messages, sorry about the confusion.
Aaron
2010/7/15 Nathan Kinder <nkin...@redhat.com>
On 07/15/2010 09:12 AM, Aaron Hagopian wrote:
I upgraded my fedora 13 x86_64 machine to the RC3 using the
rpms in updates-testing and now I cannot start the admin
server with selinux enabled. I am attaching the selinux
message. It does start when I disable selinux.
What version of 389-admin are you running?
I'd also like to see the output of 'semodule -l | grep 389'
from your system.
-NGK
On Tue, Jul 6, 2010 at 2:38 PM, Rich Megginson <rmegg...@redhat.com> wrote:
The 389 team is pleased to announce the availability of Release
Candidate 3 of version 1.2.6. This release has a few bug fixes.
***We need your help! Please help us test this software.*** It is a
release candidate, so it may have a few glitches, but it has been tested
for regressions and for new feature bugs. The Fedora system
strongly encourages packages to be in Testing until verified and pushed
to Stable. If we don't get any feedback while the packages are in
Testing, the packages will remain in limbo, or get pushed to Stable.
The more testing we get, the faster we can release these packages to
Stable. See the Release Notes for information about how to provide
testing feedback (or just send an email to
389-us...@lists.fedoraproject.org).
The packages that need testing are:
* 389-ds-base-1.2.6.rc3 - 389-ds-base
More information
* Release Notes - http://port389.org/wiki/Release_Notes
* Install_Guide - http://port389.org/wiki/Install_Guide
* Download - http://port389.org/wiki/Download
=== Bugs Fixed ===
This release contains a couple of bug fixes. The complete list of bugs
fixed is found at the link below. Note that bugs marked as MODIFIED
have been fixed but are still in testing.
* Tracking bug for 1.2.6 release -
https://bugzilla.redhat.com/showdependencytree.cgi?id=543590&hide_resolved=0
** Bug 606920 - anonymous resource limit - nstimelimit - also applied to "cn=directory manager"
** Bug 604453 - SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll
** Bug 605827 - In-place upgrade: upgrade dn format should not run in setup-ds-admin.pl
** Bug 578296 - Attribute type entrydn needs to be added when subtree rename switch is on
** Bug 609256 - Selinux: pwdhash fails if called via Admin Server CGI
** Bug 603942 - null deref in _ger_parse_control() for subjectdn
--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
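The label check suggested in the reply above ('ls -lZ', expecting "dirsrv_var_lib_t") can be scripted over a whole directory listing. This is an added example, not part of the thread or of 389 Directory Server: the function names and sample listing are constructed, file names are assumed to contain no whitespace, and the restorecon hint is a standard SELinux relabel command that the thread itself does not mention.

```shell
#!/bin/sh
# Added example: flag files whose SELinux type differs from the expected one.
# Reads `ls -Z` or `ls -lZ` lines on stdin and prints "<file> <type>" for
# every file whose type is not the expected type.
# Assumption: file names contain no whitespace (last field is the name).

mislabeled() {
    expected_type=$1
    awk -v want="$expected_type" '
        {
            ctx = ""
            # The context is the first field shaped like user:role:type[:level].
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[^:]+:[^:]+:[^:]+(:.*)?$/) { ctx = $i; break }
            if (ctx == "") next          # e.g. the "total N" header line
            split(ctx, part, ":")
            if (part[3] != want) print $NF, part[3]
        }
    '
}

# Constructed sample in the older `ls -lZ` layout; not output from the thread.
# prod-dump.ldif stands for a dump moved in from elsewhere (it kept var_t),
# touched.ldif for a file created in place with touch.
SAMPLE_LISTING='-rw-r--r--. nobody nobody unconfined_u:object_r:var_t:s0 prod-dump.ldif
-rw-r--r--. nobody nobody unconfined_u:object_r:dirsrv_var_lib_t:s0 touched.ldif'

# Turn each finding into a relabel hint for the administrator.
report() {
    printf '%s\n' "$SAMPLE_LISTING" | mislabeled dirsrv_var_lib_t |
    while read -r file type; do
        echo "$file is $type; relabel with: restorecon -v $file"
    done
}

report
```

On a live system, pipe the real listing in instead of the sample: `ls -lZ /var/lib/dirsrv/slapd-<instance>/ldif/ | mislabeled dirsrv_var_lib_t`.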