On Fri, 11 Apr 2014, rashard.ke...@sita.aero wrote:
futex(0x7f0e2e1462c0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
open("/tmp/krb5cc_1599100000_CUkupo", O_RDONLY) = -1 EACCES (Permission
denied)


Are you sure you don't have SELinux really running and enabled?

Because the following output makes me really worry:
[root@replicahostname /tmp]# ll -Za
drwxrwxrwt. root    root    system_u:object_r:tmp_t:s0       .
dr-xr-xr-x. root    root    system_u:object_r:root_t:s0      ..
-rw-------  rkelly  rkelly  ? .bash_history
drwxrwxrwt  root    root    ?                                .ICE-unix
drwxrwxr-x  rkelly  rkelly  ?                                .ipa
-r--------  root    root    ?                                krb5cc_0
-r--------  xs05144 xs05144 ? krb5cc_1599000020_u5RRhd
-r--------  rkelly  rkelly  ? krb5cc_1599100000_CUkupo
-r--------  rkelly  rkelly  ? krb5cc_1599100000_ZekyY0
These rkelly:rkelly krb5cc_* files have no SELinux label and should be
readable to the owner.

Can you show:

[root] # sestatus
[root] # audit2why -b -w -t avc


--
/ Alexander Bokovoy

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to