On 06/21/2016 08:31 AM, Jan Cholasta wrote:
> On 17.6.2016 16:30, Petr Vobornik wrote:
>> I'm not sure if following is related to thin client or other work, but
>> it should be looked at. Feel free to open different ticket for it.
>> I was doing some testing yesterday and this was in audit:
>> time->Thu Jun 16 22:11:32 2016
>> type=AVC msg=audit(1466107892.404:662): avc:  denied  { write } for
>> pid=26289 comm="dogtag-ipa-ca-r" name="ipa_memcached" dev="tmpfs"
>> ino=183080 scontext=system_u:system_r:certmonger_t:s0
>> tcontext=system_u:object_r:memcached_var_run_t:s0 tclass=sock_file
>> permissive=0
>> I did not investigate further, but couldn't it be caused by initialing
>> api with api.bootstrap(in_server=True.. which then initializes session
>> plugin which then initializes MemcacheSessionManager?
>> Similar issue could be in other usages.
> AFAIK this is trigerred by importing ipalib.session and can happen even
> with client API.

True, but it would have to be explicit, which won't probably happen.

In ipaserver/plugins/session.py it is done automatically:

if api.env.in_server:
    from ipalib.session import session_mgr

Petr Vobornik

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to