On 08/10/2011 01:59 PM, Paul Heinlein wrote:
> On Wed, 10 Aug 2011, david wrote:
>> At 09:32 AM 8/10/2011, you wrote:
>>> Part of the environment is gitweb, which works as expected with one glitch: SELinux doesn't allow gitweb.cgi to query sssd to display who owns the repositories. [....]
>>>
>>> Paul
>>
>> I've just spent three days trying to figure out why SSH worked sometimes, sometimes not. Just minutes before your note arrived, I figured I had to disable SELINUX, and now it works just fine. Your note confirmed that there's a link there.
>
> I haven't had any trouble with ssh. I'll note that the system in question gets user account information from ldap.
>
> Oddly, when using sssd+ldap, getent without a specific key won't return ldap account information, but with a key it will. That is, "getent passwd" will return only accounts in the local /etc/passwd database, but "getent passwd bob" will return ldap-supplied information about user bob.

I am adding the allow rule to the Fedora and RHEL policies to allow http_git_script_t to resolve usernames.