[CentOS] selinux prohibiting sssd usage

david david at daku.org
Wed Aug 10 17:48:11 UTC 2011


At 09:32 AM 8/10/2011, you wrote:
>I've got a CentOS 6 machine that's slated to go into production
>providing some web and development-repository services.
>
>Part of the environment is gitweb, which works as expected with one
>glitch: SELinux doesn't allow gitweb.cgi to query sssd to display who
>owns the repositories.
>
>The audit log entries are pretty straightforward, e.g.,
>
>type=AVC msg=audit(XXXXXXXXXXXX): avc:  denied { search } for
>pid=XXXX comm="gitweb.cgi" name="sss" dev=XXX ino=XXXXXXXXXXX
>scontext=unconfined_u:system_r:httpd_git_script_t:s0
>tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir
>
>I'll use audit2allow to build a custom policy if need be, but what I'd
>really like to hear is that there's an SELinux boolean that can be
>tweaked or a file context that can be altered to make things work as
>expected.
>
>--
>Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/


Paul

I've just spent three days trying to figure out why SSH worked 
sometimes, sometimes not.  Just minutes before your note arrived, I 
figured I had to disable SELINUX, and now it works just fine.  Your 
note confirmed that there's a link there.

David Kurn



