[CentOS] selinux prohibiting sssd usage

Daniel J Walsh dwalsh at redhat.com
Wed Aug 10 18:14:31 UTC 2011


On 08/10/2011 01:59 PM, Paul Heinlein wrote:
> On Wed, 10 Aug 2011, david wrote:
> 
>> At 09:32 AM 8/10/2011, you wrote:
>>> Part of the environment is gitweb, which works as expected with
>>> one glitch: SELinux doesn't allow gitweb.cgi to query sssd to
>>> display who owns the repositories. [....]
>> 
>> Paul
>> 
>> I've just spent three days trying to figure out why SSH worked
>> sometimes, sometimes not.  Just minutes before your note arrived, I
>> figured I had to disable SELINUX, and now it works just fine.
>> Your note confirmed that there's a link there.
> 
> I haven't had any trouble with ssh. I'll note that the system in 
> question gets user account information from ldap.
> 
> Oddly, when using sssd+ldap, getent without a specific key won't 
> return ldap account information, but with a key it will. That is, 
> "getent passwd" will return only accounts in the local /etc/passwd 
> database, but "getent passwd bob" will return ldap-supplied 
> information about user bob.
> 
I am adding the allow rule to allow http_git_script_t to resolve
usernames to Fedora and RHEL policies.
