Re: Selinux update breaks nscd?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: Selinux update breaks nscd?
From: Jason L Tibbitts III <tibbs@xxxxxxxxxxx>
Date: Thu, 16 Jun 2005 14:49:03 -0500
In-reply-to: <[email protected]> (Jason L. Tibbitts, III's message of "Wed, 15 Jun 2005 15:26:56 -0500")
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Jumbo Shrimp, linux)

>>>>> "JLT" == Jason L Tibbitts, <Jason> writes:

>>>>> "DJW" == Daniel J Walsh <Daniel> writes:
DJW> Yes if you cp it to /usr/share/ssl/certs it should work.  FC4 has
DJW> moved these all to /etc/pki...

JLT> Oops, nscd is prevented from even looking in
JLT> /usr/share/ssl/certs:

Just for grins, I created /etc/pki, copied cacert.pem there and did
restorecon -R /etc; it relabeled /etc/pki as system_u:object_r:cert_t
and cacert.pem as root:object_r:cert_t.

Unfortunately still no dice:

audit(1118950843.341:0): avc:  denied  { search } for  pid=27569 exe=/usr/sbin/nscd name=pki dev=dm-0 ino=33637 scontext=root:system_r:nscd_t tcontext=system_u:object_r:cert_t tclass=dir

I'm at a complete loss here; I guess I have to disable nscd, but if
users notice the lack of caching then I'll have no choice but to
disable selinux.

I installed the selinux-policy-targeted SRPM in an attempt to figure
things out but I just don't understand enough about selinux to get
anywhere.

 - J<

Follow-Ups:
- Re: Selinux update breaks nscd?
  - From: Jason L Tibbitts III

References:
- Selinux update breaks nscd?
  - From: Jason L Tibbitts III
- Re: Selinux update breaks nscd?
  - From: Richard Crawford
- Re: Selinux update breaks nscd?
  - From: Tim Fenn
- Re: Selinux update breaks nscd?
  - From: Jason L Tibbitts III
- Re: Selinux update breaks nscd?
  - From: Daniel J Walsh
- Re: Selinux update breaks nscd?
  - From: Jason L Tibbitts III
- Re: Selinux update breaks nscd?
  - From: Daniel J Walsh
- Re: Selinux update breaks nscd?
  - From: Jason L Tibbitts III
- Re: Selinux update breaks nscd?
  - From: Jason L Tibbitts III
- Re: Selinux update breaks nscd?
  - From: Daniel J Walsh
- Re: Selinux update breaks nscd?
  - From: Jason L Tibbitts III

Prev by Date: Re: Dialup
Next by Date: Re: Compileing vanila kernel on FC4
Previous by thread: Re: Selinux update breaks nscd?
Next by thread: Re: Selinux update breaks nscd?
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]