lists.arthurdejong.org

RE: nslcd (.9x) and SELinux




Hi There,

 

Can you please help?

 

-gunjan

 

From: Gunjan Varshney
Sent: Wednesday, September 28, 2016 2:44 PM
To: 'nss-pam-ldapd-users@lists.arthurdejong.org' <nss-pam-ldapd-users@lists.arthurdejong.org>
Subject: nslcd (.9x) and SELinux

 

Hi,

 

I am facing a peculiar problem in my setup (to enable LDAP authentication through ssh). We have SELinux enabled in our instances (Linux) in enforcing mode. Nslcd itself comes up fine as a service if the log parameter is not put in nslcd.conf, but as soon as I put in the following I start to get audit (AVC) issues where nslcd is not allowed to open the log file.

 

log /var/log/nslcd.log debug

 

The audit log gives the following line as a clue to what is happening.

 

type=AVC msg=audit(1475042349.537:38975): avc:  denied  { open } for  pid=14122 comm="nslcd" path="/var/log/nslcd.log" dev="xvdg1" ino=44 scontext=unconfined_u:system_r:nslcd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0

 

I did do a restorecon on the file to system_u:object_r:var_log_t:s0 but that also didn’t work. I tried to look at the context for log @ https://linux.die.net/man/8/nslcd_selinux but it is not defined there.

 

Can you please help by telling me what the log file context should be?

 

-gunjan

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/
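
Added example (not part of the original message or of nss-pam-ldapd): a small Python parser that splits the AVC record quoted above into its fields, so the source domain, target type, object class and denied permission can be read off directly. The function names are illustrative assumptions; the sample line is the one from the message.

```python
import re
from datetime import datetime, timezone

# The denial quoted in the message above, copied verbatim.
AVC_LINE = (
    'type=AVC msg=audit(1475042349.537:38975): avc:  denied  { open } for  '
    'pid=14122 comm="nslcd" path="/var/log/nslcd.log" dev="xvdg1" ino=44 '
    'scontext=unconfined_u:system_r:nslcd_t:s0 '
    'tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0'
)

HEADER = re.compile(
    r'type=AVC msg=audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)'
)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def split_context(ctx):
    """Split user:role:type[:level]; an MLS/MCS level may itself contain colons."""
    user, role, type_, level = (ctx.split(":", 3) + [None])[:4]
    return {"user": user, "role": role, "type": type_, "level": level}

def parse_avc(line):
    """Return the fields of one AVC audit record as a dict."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"') for k, v in FIELD.findall(m["rest"])}
    return {
        "time": datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc),
        "serial": int(m["serial"]),
        "denied": m["result"] == "denied",
        "perms": m["perms"].split(),
        "source": split_context(fields["scontext"]),
        "target": split_context(fields["tcontext"]),
        "tclass": fields["tclass"],
        "comm": fields.get("comm"),
        "path": fields.get("path"),
        # permissive=1 means the access was only logged, not blocked
        "enforced": fields.get("permissive", "0") == "0",
    }

def describe(rec):
    """One-line summary: which domain was refused what, on which labelled object."""
    return "{} -> {}:{} {{ {} }} path={}".format(
        rec["source"]["type"], rec["target"]["type"], rec["tclass"],
        " ".join(rec["perms"]), rec["path"])

if __name__ == "__main__":
    print(describe(parse_avc(AVC_LINE)))
```

The summary shows that the process runs in the nslcd_t domain and the file carries the generic var_log_t label, which is the pairing the policy refuses.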