On 7/25/19 4:56 PM, Howard Chu wrote:
> Most likely something like SELinux policy has changed between Debian 9 and Debian 10.

AFAIK Debian 10 enables AppArmor by default, not SELinux. But not sure whether slapd is confined because AppArmor's default policy is "targeted". Better check with ps auxZ.
E.g. on my system:
ae-dir-p1:~ # ps auxZ | grep slapd
ae-slapd (enforce) ae-dir-+ 1313 [..]
If (enforce) is listed then the process is confined by an AppArmor profile. Otherwise the process is listed as "unconfined".
If an AppArmor profile is causing the issue, you might want to watch out for DENIED lines in the auditd log and add the privileges listed as missing.
Ciao, Michael.
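
The audit log check described in the message above, as an added example that is not part of the original e-mail: a shell function that pulls the AppArmor DENIED records for one profile out of audit log lines and counts each denied path and mask. The log lines, paths and function names are constructed for illustration; only the profile name ae-slapd is taken from the message.

```shell
#!/bin/sh
# Added example. The log lines below are constructed, not real audit output.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1564066560.101:201): apparmor="DENIED" operation="open" profile="ae-slapd" name="/opt/example/db/data.mdb" pid=1313 comm="slapd" requested_mask="rw" denied_mask="rw" fsuid=1001 ouid=1001
type=AVC msg=audit(1564066561.204:202): apparmor="DENIED" operation="open" profile="ae-slapd" name="/opt/example/db/data.mdb" pid=1313 comm="slapd" requested_mask="rw" denied_mask="rw" fsuid=1001 ouid=1001
type=AVC msg=audit(1564066562.310:203): apparmor="DENIED" operation="open" profile="ae-slapd" name="/etc/example/tls/server.key" pid=1313 comm="slapd" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
type=AVC msg=audit(1564066563.415:204): apparmor="ALLOWED" operation="open" profile="ae-slapd" name="/etc/example/slapd.conf" pid=1313 comm="slapd" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
type=AVC msg=audit(1564066564.520:205): apparmor="DENIED" operation="open" profile="other-daemon" name="/var/example/spool" pid=2200 comm="other" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
EOF
}

# apparmor_denials PROFILE
# Reads audit log lines on stdin and prints one line per distinct denial
# for PROFILE as: denied_mask <TAB> path <TAB> number of occurrences.
# Only file denials (records with name= and denied_mask=) are reported;
# ALLOWED records (complain mode) and other profiles are skipped.
apparmor_denials() {
    LC_ALL=C awk -v want="$1" '
    # Return the value of key="value" in the current record, or "".
    function field(key,    re) {
        re = " " key "=\"[^\"]*\""
        if (!match($0, re)) return ""
        return substr($0, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    /apparmor="DENIED"/ {
        if (field("profile") != want) next
        path = field("name"); mask = field("denied_mask")
        if (path == "" || mask == "") next
        seen[mask "\t" path]++
    }
    END { for (k in seen) print k "\t" seen[k] }
    ' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample.
sample_audit_log | apparmor_denials ae-slapd
```

On a real system, pipe the auditd log into apparmor_denials instead of the sample function.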