Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: nscd with selinux with ssl: msg#00229
|
Subject: |
Re: nscd with selinux with ssl |
Daniel J Walsh wrote:
Farkas Levente wrote:
hi,
i try to use nscd with ldap and tls. in this case you should define a
cacert, cert and key file for nss. but afaik there is no default palce
to put these file and there is no default policy to allow nscd to read
any kind of pem file(s). it'd be useful to define a standard place for
these cert files and allow nscd to read these files.
yours.
/usr/share/ssl/certs??
Although I still think this stuff belongs in /etc but I don't make the
rules.
the first thing i always do aftera fresh install:
----------------------------
mv /usr/share/ssl /etc
cd /usr/share
ln -s /etc/ssl
----------------------------
:-) so i definitely agree with you. i don't know make this rule, but
it'd be _very_ useful to convince him, that config files should have to
be under somewhere /etc/ (but that's another story).
and my current pem files are under /etc/ssl/,
----------------------------
# ls -aZ /etc/ssl/certs/cacert.pem
-rw-r--r-- root root root:object_r:usr_t
/etc/ssl/certs/cacert.pem
----------------------------
and in my messages:
----------------------------
Mar 31 17:08:23 kek kernel: audit(1112281703.777:0): avc: denied {
read } for pid=14271 exe=/usr/sbin/nscd name=cacert.pem dev=md0
ino=2291612 scontext=root:system_r:nscd_t tcontext=root:object_r:usr_t
tclass=file
----------------------------
that's why i ask for it:-)
yours.
--
Levente "Si vis pacem para bellum!"
|
| |
