RE: nslcd (.9x) and SELinux
[Date Prev][Date Next] [Thread Prev][Thread Next]RE: nslcd (.9x) and SELinux
- From: Gunjan Varshney <Gunjan.Varshney [at] VERIFONE.com>
- To: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: RE: nslcd (.9x) and SELinux
- Date: Tue, 4 Oct 2016 19:37:39 +0000
Hi There, Can you please help. -gunjan From: Gunjan Varshney
Hi, I am facing a peculiar problem in my setup (to enable LDAP authentication through ssh). We have SELinux enabled in our instances (linux) in enforcing mode. Nslcd itself comes up fine as a service if log parameter is not put in nslcd.conf
but as soon as I put in following I start to get audit (AVC) issues where nslcd is not allowed to open log file. log /var/log/nslcd.log debug the audit log gives following line as a clue on what is happening. type=AVC msg=audit(1475042349.537:38975): avc: denied { open } for pid=14122 comm="nslcd" path="/var/log/nslcd.log" dev="xvdg1" ino=44 scontext=unconfined_u:system_r:nslcd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0 I did do a restorecon on the file to
system_u:object_r:var_log_t:s0 but that also didn’t work. I tried to look at the context for log @
https://linux.die.net/man/8/nslcd_selinux but it is not defined there. Can you please help in telling me what should be log file context -gunjan |
-- To unsubscribe send an email to nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see https://lists.arthurdejong.org/nss-pam-ldapd-users/
- nslcd (.9x) and SELinux,
Gunjan Varshney
- <Possible follow-ups>
- RE: nslcd (.9x) and SELinux, Gunjan Varshney
- Prev by Date: nslcd (.9x) and SELinux
- Next by Date: nss_initgroups_ignoreuser not working as expected. Are my expectations incorrect?
- Previous by thread: nslcd (.9x) and SELinux
- Next by thread: nss_initgroups_ignoreuser not working as expected. Are my expectations incorrect?