[CentOS] selinux prohibiting sssd usage
Paul Heinlein
heinlein at madboa.comWed Aug 10 16:32:04 UTC 2011
- Previous message: [CentOS] setting the screen background with gconftool-2
- Next message: [CentOS] selinux prohibiting sssd usage
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I've got a CentOS 6 machine that's slated to go into production providing some web and development-repository services. Part of the environment is gitweb, which works as expected with one glitch: SELinux doesn't allow gitweb.cgi to query sssd to display who owns the repositories. The audit log entries are pretty straightforward, e.g., type=AVC msg=audit(XXXXXXXXXXXX): avc: denied { search } for pid=XXXX comm="gitweb.cgi" name="sss" dev=XXX ino=XXXXXXXXXXX scontext=unconfined_u:system_r:httpd_git_script_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir I'll use audit2allow to build a custom policy if need be, but what I'd really like to hear is that there's an SELinux boolean that can be tweaked or a file context that can be altered to make things work as expected. -- Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
- Previous message: [CentOS] setting the screen background with gconftool-2
- Next message: [CentOS] selinux prohibiting sssd usage
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list