On 09/02/17 19:01, Konstantin Olchanski wrote: > Since I will learn selinux after I learn ldap after our current high-priority > project ships to CERN in September, I do not see any solution other than > disabling > selinux until this is fixed (presumably by the EPEL package certbot incuding > correct selinux policy kludges).
If you can provide the the related "denied" lines from /var/log/audit/audit.log, I can definitely try to help you out. In worst case just provide the last 200 denied lines, and we'll start from there. Manipulating the SELinux policy can be hard if you haven't done it before - but once you know the tools and understands the concept, it is fairly simple. -- kind regards, David Sommerseth
