1 |
On Sat, Jun 17, 2017 at 06:20:40PM +0100, Robert Sharp wrote: |
2 |
> I had assumed this was the file of that name in /etc/ssl/certs but your |
3 |
> comment made me check the inode and I was wrong. It is actually a |
4 |
> directory "/usr/share/ca-certificates" which also has the "cert_t" |
5 |
> context. There is no script by that name associated with ddclient so I |
6 |
> guess ddclient is trying to (via openssl) access this directory/path? |
7 |
|
8 |
The context on that directory is correct. If it is indeed ddclient that is |
9 |
trying to manipulate that directory content, then by all means, add in the |
10 |
privilege to do so. |
11 |
|
12 |
Now, if I look at the current description of ddclient (i.e. perl client used |
13 |
to update dynamic DNS entries) then I personally wonder if ddclient is |
14 |
actually trying to *manipulate* the certificates (or add certificates to it) |
15 |
rather than just use it. |
16 |
|
17 |
It's okay to use it. Manipulating the directory seems to be something I |
18 |
would want to verify with the application itself first. If it is a Perl |
19 |
script, then it might be easy to find out why. |
20 |
|
21 |
Wkr, |
22 |
Sven Vermeulen |