Package: selinux-policy-default Version: 2:2.20110726-1 Severity: normal The current ldap module uses /etc/rc.d/.. for the path to the slapd init script, which causes slapd to linger in initrc_exec_t in permissive mode. I suspect it will not start at all in enforcing mode.
Solved locally by adding the correct path as an fcontext entry. The correct entry should (hopefully) be: /etc/init\.d/slapd -- gen_context(system_u:object_r:slapd_initrc_exec_t,s0) (I'd also suggest renaming the module to openldap, since there are many) Regards, Arno -- System Information: Debian Release: 6.0.3 APT prefers stable APT policy: (990, 'stable'), (600, 'testing'), (200, 'stable-updates') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-486 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages selinux-policy-default depends on: ii libpam-modules 1.1.1-6.1+squeeze1 Pluggable Authentication Modules f ii libselinux1 2.0.96-1 SELinux runtime shared libraries ii libsepol1 2.1.0-1.2 SELinux library for manipulating b ii policycoreutils 2.1.0-3 SELinux core policy utilities ii python 2.6.6-3+squeeze6 interactive high-level object-orie Versions of packages selinux-policy-default recommends: ii checkpolicy 2.0.22-1 SELinux policy compiler pn setools <none> (no description available) Versions of packages selinux-policy-default suggests: pn logcheck <none> (no description available) pn syslog-summary <none> (no description available) -- Configuration Files: /etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local' -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
