On 12/01/2022 18:31, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:
> Hi guys
>
> When I sign a zone I get lots of:
> ...
> File.cpp(94): Could not open the file (Permission denied): /var/lib/ipa/dnssec/tokens/4ee2f633-3b2a-ef03-6909-473386d17234/26365760-a70d-19be-2db1-a80adc796477.object
>
> File.cpp(94): Could not open the file (Permission denied): /var/lib/ipa/dnssec/tokens/4ee2f633-3b2a-ef03-6909-473386d17234/9776a26e-2ad9-1b46-b65c-11265eee7fbd.object
>
> File.cpp(94): Could not open the file (Permission denied): /var/lib/ipa/dnssec/tokens/4ee2f633-3b2a-ef03-6909-473386d17234/9776a26e-2ad9-1b46-b65c-11265eee7fbd.object
>
> zone private.road/IN (signed): sending notifies (serial 1642004083)
> client @0x7f8f7c1948b8 10.3.1.99#39887: received notify for zone 'private.road'
>
> Are those a reason to worry & investigate? If not then what do they
> translate to?

I'd start by checking for SELinux AVCs and FS permissions.

I seem to recall that another user has reported a race condition related
to softhsm2.

rob

folder and its content:

drwxrws---. 2 ods named 12288 Jan 12 16:14 /var/lib/ipa/dnssec/tokens/4ee2f633-3b2a-ef03-6909-473386d17234/

fcontext labels are as policies dictate, no SELinux issues
unless some things are denied silently.

This is on CentOS 9 - should I make it a BZ?
thanks, L.
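
The filesystem half of the check suggested in this thread, as an added example that is not part of any message above and is not FreeIPA's own tooling: it lists token objects whose group or mode would stop a member of the directory's group from opening them, and verifies the directory keeps the setgid and group rwx bits seen in the listing. It assumes every object should be group-owned by `named` and group-readable; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: objects under the token directory should carry
# the directory's group (ods:named, setgid, per the listing) and be
# group-readable, otherwise a process running in that group gets EACCES.

# Print regular files under $1 not group-owned by $2 or lacking group read.
unreadable_objects() {
    find "$1" -type f \( ! -group "$2" -o ! -perm -g=r \) -print
}

# Succeed only if directory $1 has group $2 with setgid + group rwx (2070).
dir_mode_ok() {
    [ -n "$(find "$1" -maxdepth 0 -type d -group "$2" -perm -2070)" ]
}

# Walk every token directory below $1 and report findings for group $2.
report() {
    base=$1 grp=$2 rc=0
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        if ! dir_mode_ok "$d" "$grp"; then
            echo "DIR  mode/group differs from 2770 :$grp -> $d"
            rc=1
        fi
        bad=$(unreadable_objects "$d" "$grp")
        if [ -n "$bad" ]; then
            echo "$bad" | while read -r f; do ls -lZ "$f" 2>/dev/null || ls -l "$f"; done
            rc=1
        fi
    done
    # SELinux half: recent AVC records, if auditd tooling is installed.
    # Denials hidden by dontaudit rules only appear after 'semodule -DB'
    # (restore the rules afterwards with 'semodule -B').
    if command -v ausearch >/dev/null 2>&1; then
        ausearch -m AVC,USER_AVC -ts today 2>/dev/null | grep -i denied || true
    fi
    return $rc
}

# Run only when a base directory is passed, e.g. /var/lib/ipa/dnssec/tokens
if [ "$#" -gt 0 ]; then
    report "$1" "${2:-named}"
fi
```

Run it as root with the token base directory as the first argument; a non-zero exit status means at least one directory or object deviates from the expected ownership or mode.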