RHDS: dirsrv start issue due to selinux security context issue.
Issue
- RHDS: dirsrv start issue due to selinux security context issue.
- The
disrvinstance is not starting due to below errors.
- /var/log/message
Sep 30 15:11:41 ldap1 systemd: Starting 389 Directory Server ldap1....
Sep 30 15:11:41 ldap1 ns-slapd: [30/Sep/2016:15:11:41 -0400] - chown_dir_files: file (/etc/dirsrv/slapd-ldap1/cert8.db) chown failed (13) Permission denied.
Sep 30 15:11:41 ldap1 systemd: Started 389 Directory Server ldap1..
Sep 30 15:11:41 ldap1 ns-slapd: [30/Sep/2016:15:11:41 -0400] - SSL alert: Security Initialization: NSS initialization failed (Netscape Portable Runtime error -8015 - The certificate/key database is in an old, unsupported format or failed to open.): certdir: /etc/dirsrv/slapd-ldap1
Sep 30 15:11:42 ldap1 ns-slapd: [30/Sep/2016:15:11:42 -0400] - ERROR: NSS Initialization Failed. Disabling NSS.
- /var/log/audit/audit.log
type=AVC msg=audit(1475601014.439:16288): avc: denied { open } for pid=7858 comm="ns-slapd" path="/etc/dirsrv/slapd-ldap1/cert8.db" dev="dm-3" ino=142 scontext=system_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1475723596.548:18237): avc: denied { open } for pid=53341 comm="ns-slapd" path="/etc/dirsrv/slapd-ldap1/cert8.db" dev="dm-3" ino=142 scontext=system_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
Environment
- Red Hat Directory Server 9
- Red Hat Directory Server 10
- Selinux
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
