
nslcd (.9x) and SELinux




I am facing a peculiar problem in my setup (to enable LDAP authentication through ssh). We have SELinux enabled in enforcing mode on our (Linux) instances. nslcd itself comes up fine as a service if the log parameter is not put in nslcd.conf, but as soon as I put in the following, I start to get audit (AVC) issues where nslcd is not allowed to open the log file.


log /var/log/nslcd.log debug


The audit log gives the following line as a clue to what is happening.


type=AVC msg=audit(1475042349.537:38975): avc:  denied  { open } for  pid=14122 comm="nslcd" path="/var/log/nslcd.log" dev="xvdg1" ino=44 scontext=unconfined_u:system_r:nslcd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0


I did do a restorecon on the file to system_u:object_r:var_log_t:s0 but that also didn’t work. I tried to look at the context for log @ but it is not defined there.


Can you please help by telling me what the log file context should be?



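An added example, not part of the original post: a small Python parser for the AVC record quoted above, which pulls out the source domain, target type, object class and permission so the denial can be read at a glance. The function names `parse_avc`, `split_context` and `describe` are hypothetical helpers written for this illustration.

```python
import re

# The AVC record quoted in the post above, copied from the page.
SAMPLE = ('type=AVC msg=audit(1475042349.537:38975): avc:  denied  { open } for  '
          'pid=14122 comm="nslcd" path="/var/log/nslcd.log" dev="xvdg1" ino=44 '
          'scontext=unconfined_u:system_r:nslcd_t:s0 '
          'tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # key=value, value optionally quoted

def split_context(ctx):
    """Split user:role:type:level; an MLS/MCS level may itself contain colons."""
    parts = ctx.split(':', 3)
    parts += [None] * (4 - len(parts))
    return dict(zip(('user', 'role', 'type', 'level'), parts))

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not an AVC."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    return {
        'result': m.group('result'),
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'path': fields.get('path'),
        'source': split_context(fields.get('scontext', '')),
        'target': split_context(fields.get('tcontext', '')),
        'tclass': fields.get('tclass'),
        'permissive': fields.get('permissive') == '1',
    }

def describe(rec):
    """One-line triage summary: which domain was refused what on which type."""
    mode = 'permissive' if rec['permissive'] else 'enforcing'
    return '{src} {res} {{ {perms} }} on {tgt}:{cls} path={path} [{mode}]'.format(
        src=rec['source']['type'], res=rec['result'], perms=' '.join(rec['perms']),
        tgt=rec['target']['type'], cls=rec['tclass'], path=rec['path'], mode=mode)

if __name__ == '__main__':
    print(describe(parse_avc(SAMPLE)))
```

The parsed record shows the target file already labelled `var_log_t` and the refusal being `nslcd_t` opening a file of that type, which matches the report that relabelling the file to `var_log_t` made no difference.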