Closed zpytela closed 4 months ago
The krb5kdc daemon now uses the LMDB database format, and since it uses the mmap() syscall on the files, it also requires the map SELinux permission.
The commit addresses the following AVC denial:
type=AVC msg=audit(1708536086.456:512): avc: denied { map } for pid=1677 comm="krb5kdc" path="/var/kerberos/krb5kdc/principal.mdb-lock" dev="vda2" ino=262184 scontext=system_u:system_r:krb5kdc_t:s0 tcontext=unconfined_u:object_r:krb5kdc_principal_t:s0 tclass=file permissive=1
Resolves: rhbz#2265378
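For reviewers checking that a policy change matches the denial it cites, the following added example (not part of the pull request or of selinux-policy) parses the AVC record quoted above and derives the raw allow rule it implies, in the way audit2allow would. The function names are hypothetical, and the emitted rule is the literal equivalent of the denial, which is an assumption about form: the actual commit may grant the permission through a policy interface or an existing rule instead.

```python
import re

# The denial quoted in the pull request description, copied verbatim.
AVC = ('type=AVC msg=audit(1708536086.456:512): avc: denied { map } for pid=1677 '
       'comm="krb5kdc" path="/var/kerberos/krb5kdc/principal.mdb-lock" dev="vda2" '
       'ino=262184 scontext=system_u:system_r:krb5kdc_t:s0 '
       'tcontext=unconfined_u:object_r:krb5kdc_principal_t:s0 tclass=file permissive=1')

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed security context: {context!r}")
    return parts[2]

def parse_avc(line):
    """Extract the fields of one AVC record that matter for policy review."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    permissive = fields.get("permissive")  # absent on older kernels
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "source_type": context_type(fields["scontext"]),
        "target_type": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "path": fields.get("path"),
        # permissive=1 means the access was logged but not actually blocked.
        "blocked": None if permissive is None else permissive == "0",
    }

def allow_rule(rec):
    """Render the minimal allow rule covering exactly the denied permissions."""
    perms = rec["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {rec['source_type']} {rec['target_type']}:{rec['tclass']} {perm_text};"

if __name__ == "__main__":
    record = parse_avc(AVC)
    print(allow_rule(record), "| blocked:", record["blocked"])
```

Because the record carries permissive=1, the map access was logged but not blocked on the reporting system; under enforcing mode the same mmap() call on the LMDB lock file would fail.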