* Saltstack and ipa-install on Centos7 failing
@ 2015-03-13 17:24 Andrew Holway
  2015-03-13 17:46 ` Stephen Smalley
  2015-03-13 20:49 ` Daniel J Walsh
  0 siblings, 2 replies; 4+ messages in thread
From: Andrew Holway @ 2015-03-13 17:24 UTC (permalink / raw)
  To: selinux

Hallo,

Could someone please lend a hand with this issue?

https://www.redhat.com/archives/freeipa-users/2015-March/msg00345.html

When I run ipa-server-install from Saltstack it is breaking. I imagine
this is because the script is being run in an unexpected domain
(init_t rather than unconfined_t).

Thanks,

Andrew


* Re: Saltstack and ipa-install on Centos7 failing
  2015-03-13 17:24 Saltstack and ipa-install on Centos7 failing Andrew Holway
@ 2015-03-13 17:46 ` Stephen Smalley
  2015-03-13 20:49 ` Daniel J Walsh
  1 sibling, 0 replies; 4+ messages in thread
From: Stephen Smalley @ 2015-03-13 17:46 UTC (permalink / raw)
  To: Andrew Holway, selinux

On 03/13/2015 01:24 PM, Andrew Holway wrote:
> Hallo,
> 
> Could someone please lend a hand with this issue?
> 
> https://www.redhat.com/archives/freeipa-users/2015-March/msg00345.html
> 
> When I run ipa-server-install from Saltstack it is breaking. I imagine
> this is because the script is being run in an unexpected domain
> (init_t rather than unconfined_t).

How is it launched?  How much control do you have over how it is
launched?  If you can just modify its init script or unit file or
whatever, you could either have it invoke runcon with an explicit
context to run in the desired context or put the launch command in a
script file and label it with an appropriate _exec_t type to transition
automatically into the desired domain.  That said, neither initrc_t nor
unconfined_t are particularly desirable domains; it should really have
its own domain.
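
An added example of the runcon option described in the reply above, written as a launch wrapper; it is not part of the original thread. DESIRED_TYPE defaults to the domain the original poster expected and is an assumption, as are the function names and the `--run` switch; runcon only succeeds if the loaded policy permits the transition from the current domain.

```shell
#!/bin/sh
# Added example: choose how to launch the installer based on the SELinux
# domain the caller (e.g. a Salt minion started by init) is running in.
# DESIRED_TYPE is an assumption; override it with a dedicated domain if one exists.
DESIRED_TYPE="${DESIRED_TYPE:-unconfined_t}"
INSTALLER="/usr/sbin/ipa-server-install"

# Print the type (third field) of a context "user:role:type[:level]".
# cut -s yields an empty result for strings that are not SELinux contexts.
context_type() {
    printf '%s\n' "$1" | tr -d '\000' | cut -s -d: -f3
}

# Print the context of the current process, or nothing if it is unavailable
# (SELinux disabled, or the attribute cannot be read).
current_context() {
    if [ -r /proc/self/attr/current ]; then
        tr -d '\000' < /proc/self/attr/current 2>/dev/null || true
    fi
}

# Print the command line to use for a given current context:
# the bare installer when already in the desired domain (or when no
# SELinux context is available), otherwise the installer under runcon.
launch_command() {
    cur_type=$(context_type "$1")
    if [ -z "$cur_type" ] || [ "$cur_type" = "$DESIRED_TYPE" ]; then
        printf '%s' "$INSTALLER"
    else
        printf 'runcon -t %s -- %s' "$DESIRED_TYPE" "$INSTALLER"
    fi
}

# Only launch when asked to; without --run the file just defines the helpers.
if [ "${1:-}" = "--run" ]; then
    shift
    ctx=$(current_context)
    cmd=$(launch_command "$ctx")
    echo "current context: ${ctx:-none}; launching: $cmd $*" >&2
    # $cmd is split on whitespace on purpose; it contains no quoted arguments.
    exec $cmd "$@"
fi
```

To confirm which domain the installer ended up in, check the label column of `ps -eZ` while it runs, and `ls -Z /usr/sbin/ipa-server-install` for the file label the later replies ask about.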


* Re: Saltstack and ipa-install on Centos7 failing
  2015-03-13 17:24 Saltstack and ipa-install on Centos7 failing Andrew Holway
  2015-03-13 17:46 ` Stephen Smalley
@ 2015-03-13 20:49 ` Daniel J Walsh
  2015-03-16 13:00   ` Miroslav Grepl
  1 sibling, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2015-03-13 20:49 UTC (permalink / raw)
  To: Andrew Holway, selinux

What label is on the script?  unconfined_t is a user type; init_t is an
executable being run from init.

On 03/13/2015 01:24 PM, Andrew Holway wrote:
> Hallo,
>
> Could someone please lend a hand with this issue?
>
> https://www.redhat.com/archives/freeipa-users/2015-March/msg00345.html
>
> When I run ipa-server-install from Saltstack it is breaking. I imagine
> this is because the script is being run in an unexpected domain
> (init_t rather than unconfined_t).
>
> Thanks,
>
> Andrew

* Re: Saltstack and ipa-install on Centos7 failing
  2015-03-13 20:49 ` Daniel J Walsh
@ 2015-03-16 13:00   ` Miroslav Grepl
  0 siblings, 0 replies; 4+ messages in thread
From: Miroslav Grepl @ 2015-03-16 13:00 UTC (permalink / raw)
  To: Daniel J Walsh, Andrew Holway, selinux

On 03/13/2015 09:49 PM, Daniel J Walsh wrote:
> What label is on the script?  unconfined_t is a user type; init_t is an
> executable being run from init.
Yes, what is the label for /usr/sbin/ipa-server-install on your system?

You should see it running as init_t on Centos7. We have
unconfined_service_t on RHEL7.1.


> On 03/13/2015 01:24 PM, Andrew Holway wrote:
>> Hallo,
>>
>> Could someone please lend a hand with this issue?
>>
>> https://www.redhat.com/archives/freeipa-users/2015-March/msg00345.html
>>
>> When I run ipa-server-install from Saltstack it is breaking. I imagine
>> this is because the script is being run in an unexpected domain
>> (init_t rather than unconfined_t).
>>
>> Thanks,
>>
>> Andrew