On 09/02/17 19:01, Konstantin Olchanski wrote:
> Since I will learn selinux after I learn ldap after our current high-priority
> project ships to CERN in September, I do not see any solution other than disabling
> selinux until this is fixed (presumably by the EPEL package certbot incuding
> correct selinux policy kludges).
If you can provide the the related "denied" lines from
/var/log/audit/audit.log, I can definitely try to help you out. In
worst case just provide the last 200 denied lines, and we'll start from
there.
Manipulating the SELinux policy can be hard if you haven't done it
before - but once you know the tools and understands the concept, it is
fairly simple.
--
kind regards,
David Sommerseth