From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id t2GD09Tx012537 for ; Mon, 16 Mar 2015 09:00:09 -0400 Message-ID: <5506D3D4.90005@redhat.com> Date: Mon, 16 Mar 2015 14:00:04 +0100 From: Miroslav Grepl Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=_Boundary-2884-1426510811-0001-2" To: Daniel J Walsh , Andrew Holway , selinux@tycho.nsa.gov Subject: Re: Saltstack and ipa-install on Centos7 failing References: <55031D59.2040909@native-instruments.de> <55034D57.7040608@redhat.com> In-Reply-To: <55034D57.7040608@redhat.com> List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: This is a MIME-formatted message. If you see this text it means that your E-mail software does not support MIME-formatted messages. --=_Boundary-2884-1426510811-0001-2 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit On 03/13/2015 09:49 PM, Daniel J Walsh wrote: > What label is on the script? unconfined_t is a user type init_t is an > executable being run from init. Yes, what is a label for /usr/sbin/ipa-server-install on your system? You should see it running as init_t on Centos7. We have unconfined_service_t on RHEL7.1. > On 03/13/2015 01:24 PM, Andrew Holway wrote: >> Hallo, >> >> Could someone please lend a hand with this issue? >> >> https://www.redhat.com/archives/freeipa-users/2015-March/msg00345.html >> >> When I run ipa-server-install from Saltstack it is breaking. I imagine >> this is because the script is being run in an unexpected domain >> (init_t rather than unconfined_t). >> >> Thanks, >> >> Andrew > > _______________________________________________ > > Selinux mailing list > > Selinux@tycho.nsa.gov > > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. > > To get help, send an email containing "help" to > Selinux-request@tycho.nsa.gov. > > > > > > > > > _______________________________________________ > Selinux mailing list > Selinux@tycho.nsa.gov > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. > To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov. --=_Boundary-2884-1426510811-0001-2 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable X-Mime-Autoconverted: from 8bit to quoted-printable by mime827

On 03/13/2015 09:49 PM, Daniel J Wals= h wrote:

What label is on the script?=A0 unconfined_t is a user type init_t is an executable being run from init.

Yes, what is a label for /usr/sbin/ipa-server-insta= ll on your system?

You should see it running as init_t on Centos7. We have unconfined_service_t on RHEL7.1.

= On 03/13/2015 01:24 PM, Andrew Holway wrote:

Hallo,

Could someone please lend a hand with this issue?

https://www.redhat.com/archives/freeipa-users/2015-March/msg0034= 5.html

When I run ipa-server-install from Saltstack it is breaking. I imagine
this is because the script is being run in an unexpected domain<= br> (init_t rather than unconfined_t).

Thanks,

Andrew

> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tych= o.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@= tycho.nsa.gov.
>
>
_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
To get help, send an email containing "help" to Selinux-requ=
est@tycho.nsa.gov.

--=_Boundary-2884-1426510811-0001-2--