Last Modified: Mar 02, 2019
Opened: Mar 28, 2018
DNSSEC keys that use an external FIPS device are not generated, and an SELinux denial is reported in /var/log/auditd/audit.log. The logged permission denial should indicate that a process running under the 'mcpd_t' SELinux context was denied the 'execmem' permission.
DNSSEC keys will not be generated when configured to use the external FIPS device.
-- A device is configured with one or more DNSSEC keys that are configured to be generated by an external FIPS device (indicated by the 'use-fips' option being set to 'external'). -- An unpatched version of the Thales client software be in use on the device.
Update the version of the Thales client software that is in use on the device.