| 1 |
On Sat, Jun 17, 2017 at 06:20:40PM +0100, Robert Sharp wrote: |
| 2 |
> I had assumed this was the file of that name in /etc/ssl/certs but your |
| 3 |
> comment made me check the inode and I was wrong. It is actually a |
| 4 |
> directory "/usr/share/ca-certificates" which also has the "cert_t" |
| 5 |
> context. There is no script by that name associated with ddclient so I |
| 6 |
> guess ddclient is trying to (via openssl) access this directory/path? |
| 7 |
|
| 8 |
The context on that directory is correct. If it is indeed ddclient that is |
| 9 |
trying to manipulate that directory content, then by all means, add in the |
| 10 |
privilege to do so. |
| 11 |
|
| 12 |
Now, if I look at the current description of ddclient (i.e. perl client used |
| 13 |
to update dynamic DNS entries) then I personally wonder if ddclient is |
| 14 |
actually trying to *manipulate* the certificates (or add certificates to it) |
| 15 |
rather than just use it. |
| 16 |
|
| 17 |
It's okay to use it. Manipulating the directory seems to be something I |
| 18 |
would want to verify with the application itself first. If it is a Perl |
| 19 |
script, then it might be easy to find out why. |
| 20 |
|
| 21 |
Wkr, |
| 22 |
Sven Vermeulen |
Archives