I'm getting SELinux denials on my Fedora 42 FreeIPA server, because the
pkidaemon is trying to access pkiuser's home directory (/home/pkiuser).
avc: denied { search } for pid=5140 comm="pkidaemon" name="pkiuser"
dev="dm-0" ino=8598034 scontext=system_u:system_r:pki_tomcat_t:s0
tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
Looking at the only other FreeIPA server to which I have access (an old
RHEL 7 system), I see that pkiuser's home directory is /usr/share/pki.
Is the pkiuser's home directory on my Fedora system incorrect, or has it
changed in the intervening years? (Can anyone running FreeIPA on Fedora
check?)
Also, does anyone know how that user gets created during FreeIPA
install?
--
========================================================================
If your user interface is intuitive in retrospect ... it isn't intuitive
========================================================================
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
