Hi guys, I'm working on Fedora16 and FreeIPA 2.1.4. I executed the command ipa-server-install and during the setup digging in the logs i can find this error, related to SELinux. I'm running in Permissive mode, so nothing prevented me to successfully complete my setup.
Is this an error in the policy? Thanks in advance Marco [root@freeipa01 ~]# sealert -l 885f3218-de29-4254-b095-0439320b3a50 SELinux is preventing /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java from name_connect access on the None . ***** Plugin catchall (100. confidence) suggests *************************** If you believe that java should be allowed name_connect access on the <Unknown> by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep java /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:pki_ca_t:s0 Target Context system_u:object_r:ephemeral_port_t:s0 Target Objects [ None ] Source java Source Path /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre /bin/java Port 59940 Host freeipa01.unix.mydomain.it Source RPM Packages java-1.6.0-openjdk-1.6.0.0-61.1.10.4.fc16.x86_64 Target RPM Packages Policy RPM selinux-policy-3.10.0-75.fc16.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name freeipa01.unix.mydomain.it Platform Linux freeipa01.unix.mydomain.it3.2.3-2.fc16.x86_64 #1 SMP Fri Feb 3 20:08:08 UTC 2012 x86_64 x86_64 Alert Count 2 First Seen Fri 10 Feb 2012 01:16:43 PM CET Last Seen Fri 10 Feb 2012 01:17:29 PM CET Local ID 885f3218-de29-4254-b095-0439320b3a50 Raw Audit Messages type=AVC msg=audit(1328876249.581:170): avc: denied { name_connect } for pid=2663 comm="java" dest=59940 scontext=system_u:system_r:pki_ca_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socketnode= freeipa01.unix.mydomain.it type=SYSCALL msg=audit(1328876249.581:170): arch=c000003e syscall=42 success=yes exit=0 a0=29 a1=7fc00b462680 a2=1c a3=7fc00b462410 items=0 ppid=1 pid=2663 auid=4294967295 uid=993 gid=990 euid=993 suid=993 fsuid=993 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java" subj=system_u:system_r:pki_ca_t:s0 key=(null) Hash: java,pki_ca_t,ephemeral_port_t,None,name_connect audit2allow audit2allow -R
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users