[Kolab-devel] [3.5] Installation on CentOS: webadmin login

Jochen Hein jochen at jochen.org
Tue Jan 26 21:58:54 CET 2016


Timotheus Pokorra <timotheus at pokorra.de> writes:

> Hello Jochen,
>
>> After that I can login to kolab-webadmin and can create a user.
>> Can we use that Instead of "disable selinux" in the installation
>> instructions (source/installation-guide/preparing-the-system.rst)?
>> Or is that something that should be added to setup-kolab?
> Would be nice if setup-kolab could do that. It should go somewhere in
> https://cgit.kolab.org/pykolab/tree/pykolab/setup/setup_ldap.py#n357

Yes, that might be useful.

> For a basic installation, people would have everything on one machine
> anyway, and would still need to disable SELinux.

I had a look at audit2why, which hinted me to the following commands:
setsebool -P httpd_can_sendmail 1
setsebool -P httpd_can_network_connect 1
setsebool -P nis_enabled 1

audit2allow gave the following output:

#============= cyrus_t ==============
allow cyrus_t init_t:file { read open };

#!!!! This avc is allowed in the current policy
allow cyrus_t unreserved_port_t:tcp_socket name_bind;

#============= httpd_t ==============

#!!!! This avc is allowed in the current policy
allow httpd_t ldap_port_t:tcp_socket name_connect;

#!!!! This avc is allowed in the current policy
allow httpd_t pop_port_t:tcp_socket name_connect;

#============= unconfined_t ==============
allow unconfined_t init_t:service enable;

Until now it seems we are not far away from running with selinux.

Jochen

-- 
The only problem with troubleshooting is that the trouble shoots back.


More information about the devel mailing list