On Tuesday, August 06, 2013 02:44:57 PM Martin Kosek wrote: > I see there are some SELinux issues for accessing /tmp/hsperfdata_root, they > look strange.
I was running into the same SELinux issue when installing two FreeIPA servers in virtual machines yesterday: SELinux is preventing /usr/lib/jvm/java-1.7.0- openjdk-1.7.0.25-2.3.12.3.fc19.x86_64/jre/bin/java from read access on the directory hsperfdata_root. For me, the problem was two-fold: 1. When creating a new VM, I typically issue 'systemctl mask tmp.mount' and reboot as a first rule, since I don't have the availability to have a huge chunk of the VM's allocated RAM used up for /tmp. 2. Beccause of 1., the /tmp directory persists across reboots, and after initial FreeIPA installation, the /tmp/hsperfdata_root diretctory and files have the system_u:object_r:rpm_script_tmp_t:s0 SELinux label, when they should have system_u:object_r:pki_tomcat_tmp_t:s0. I resolved this issue by stopping IPA, removing /tmp/hsperfdata_root, and rebooting the machine, where I was able to observe the directory and files created with the proper context. Without knowing the proper context beforehand, there was no way to issue a restorecon, since there is no default label for /tmp/hsperfdata_root. -A -- Anthony - http://messinet.com - http://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users