RHDS: dirsrv start issue due to SELinux security context issue.
Issue
- RHDS: dirsrv start issue due to SELinux security context issue.
- The dirsrv instance is not starting due to the errors below.
- /var/log/messages
Sep 30 15:11:41 ldap1 systemd: Starting 389 Directory Server ldap1....
Sep 30 15:11:41 ldap1 ns-slapd: [30/Sep/2016:15:11:41 -0400] - chown_dir_files: file (/etc/dirsrv/slapd-ldap1/cert8.db) chown failed (13) Permission denied.
Sep 30 15:11:41 ldap1 systemd: Started 389 Directory Server ldap1..
Sep 30 15:11:41 ldap1 ns-slapd: [30/Sep/2016:15:11:41 -0400] - SSL alert: Security Initialization: NSS initialization failed (Netscape Portable Runtime error -8015 - The certificate/key database is in an old, unsupported format or failed to open.): certdir: /etc/dirsrv/slapd-ldap1
Sep 30 15:11:42 ldap1 ns-slapd: [30/Sep/2016:15:11:42 -0400] - ERROR: NSS Initialization Failed. Disabling NSS.
- /var/log/audit/audit.log
type=AVC msg=audit(1475601014.439:16288): avc: denied { open } for pid=7858 comm="ns-slapd" path="/etc/dirsrv/slapd-ldap1/cert8.db" dev="dm-3" ino=142 scontext=system_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1475723596.548:18237): avc: denied { open } for pid=53341 comm="ns-slapd" path="/etc/dirsrv/slapd-ldap1/cert8.db" dev="dm-3" ino=142 scontext=system_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
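
For triage, the AVC records above can be reduced to which process domain was denied which permission on which file label. The following Python sketch is an added example, not part of the original Red Hat article; its function names are illustrative, and its sample input is the two audit.log lines quoted above.

```python
import re
from collections import Counter

# The two AVC records quoted in this article, embedded so the example runs offline.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1475601014.439:16288): avc: denied { open } for pid=7858 comm="ns-slapd" path="/etc/dirsrv/slapd-ldap1/cert8.db" dev="dm-3" ino=142 scontext=system_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1475723596.548:18237): avc: denied { open } for pid=53341 comm="ns-slapd" path="/etc/dirsrv/slapd-ldap1/cert8.db" dev="dm-3" ino=142 scontext=system_u:system_r:dirsrv_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one audit.log line; return a dict, or None if it is not an AVC denial."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "perms": tuple(m.group("perms").split()),
        "comm": fields.get("comm"),
        "path": fields.get("path"),
        "tclass": fields.get("tclass"),
        "source_type": selinux_type(fields.get("scontext", "")),
        "target_type": selinux_type(fields.get("tcontext", "")),
    }

def summarize_denials(text):
    """Count denials per (comm, source_type, perms, tclass, path, target_type)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec["comm"], rec["source_type"], rec["perms"],
                    rec["tclass"], rec["path"], rec["target_type"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE_AUDIT_LOG).items():
        comm, src, perms, tclass, path, tgt = key
        print(f"{n}x {comm} ({src}) denied {','.join(perms)} on {tclass} {path} labeled {tgt}")
```

Run against these records, the summary collapses to a single repeated denial: ns-slapd in the dirsrv_t domain was refused open on cert8.db, which carries the user_tmp_t type.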
Environment
- Red Hat Directory Server 9
- Red Hat Directory Server 10
- SELinux