Jimmy wrote:
It's been about 20 mins since I ran the install and did so with SELinux
disabled. I ran the command you suggested, but with 'today' as the
argument instead of 'recent'. This is the output:

ausearch -m avc -ts today
----
time->Fri Sep 9 14:24:12 2011
type=SYSCALL msg=audit(1315578252.415:214): arch=c000003e syscall=2
success=no exit=-13 a0=7fffbee29a70 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=5578 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315578252.415:214): avc: denied { read } for
pid=5578 comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 14:34:12 2011
type=SYSCALL msg=audit(1315578852.159:215): arch=c000003e syscall=2
success=no exit=-13 a0=7fffb8d9bb40 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=5627 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315578852.159:215): avc: denied { read } for
pid=5627 comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 15:15:11 2011
type=SYSCALL msg=audit(1315581311.764:223): arch=c000003e syscall=2
success=no exit=-13 a0=7fff2c58be30 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=5727 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315581311.764:223): avc: denied { read } for
pid=5727 comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 15:33:21 2011
type=SYSCALL msg=audit(1315582401.640:238): arch=c000003e syscall=2
success=no exit=-13 a0=7fff74555140 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=6092 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315582401.640:238): avc: denied { read } for
pid=6092 comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 15:43:21 2011
type=SYSCALL msg=audit(1315583001.304:239): arch=c000003e syscall=2
success=no exit=-13 a0=7fffdf7f3ba0 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=6141 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315583001.304:239): avc: denied { read } for
pid=6141 comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 18:18:54 2011
type=SYSCALL msg=audit(1315592334.382:269): arch=c000003e syscall=2
success=yes exit=9 a0=7fffe3872cc0 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=6292 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315592334.382:269): avc: denied { read } for
pid=6292 comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 18:20:26 2011
type=SYSCALL msg=audit(1315592426.491:284): arch=c000003e syscall=2
success=yes exit=9 a0=7fffb5102c20 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=6709 auid=0 uid=498 gid=494 euid=498 suid=498 fsuid=498 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315592426.491:284): avc: denied { read } for
pid=6709 comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 18:22:47 2011
type=SYSCALL msg=audit(1315592567.255:301): arch=c000003e syscall=2
success=yes exit=9 a0=7fffe8125540 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=7779 auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315592567.255:301): avc: denied { read } for
pid=7779 comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 18:23:07 2011
type=SYSCALL msg=audit(1315592587.857:305): arch=c000003e syscall=2
success=yes exit=6 a0=7fffd14031b0 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=7882 auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315592587.857:305): avc: denied { read } for
pid=7882 comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
----
time->Fri Sep 9 18:25:29 2011
type=SYSCALL msg=audit(1315592729.758:316): arch=c000003e syscall=2
success=yes exit=6 a0=7fffffd7c220 a1=c2 a2=1a4 a3=0 items=0 ppid=1
pid=8262 auid=0 uid=496 gid=494 euid=496 suid=496 fsuid=496 egid=494
sgid=494 fsgid=494 tty=(none) ses=1 comm="ns-slapd"
exe="/usr/sbin/ns-slapd" subj=unconfined_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(1315592729.758:316): avc: denied { read } for
pid=8262 comm="ns-slapd" name="lock" dev=sda2 ino=1710
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file


On Fri, Sep 9, 2011 at 1:35 PM, Rob Crittenden <rcrit...@redhat.com
<mailto:rcrit...@redhat.com>> wrote:

    Jimmy wrote:

        I temporarily disabled SElinux(echo 0 >/selinux/enforce) and the
        install
        completed. Did I miss something in the documentation? I didn't see
        anything aboud SElinux in the install doc.


    It should work in enforcing mode.

    Can you provide the output of this:

    ausearch -m avc -ts recent

    This will show us the SELinux denials over the last 10 minutes (recent).

    rob



What version of selinux-policy do you have installed? (rpm -q selinux-policy)

thanks

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to