[Freeipa-devel] [PATCH] 0283-enable-proxy-for-dogtag

Simo Sorce simo at redhat.com
Fri Aug 26 18:34:32 UTC 2011


On Fri, 2011-08-26 at 14:03 -0400, Simo Sorce wrote:
> On Fri, 2011-08-26 at 12:45 -0400, Adam Young wrote:
> > On 08/25/2011 05:24 PM, Adam Young wrote: 
> > > Uses the updated version of pkicreate which makes an ipa specific
> > > proxy config file. 
> > > 
> > > 
> > The test for the proxy file in /etc/httpd/conf.d was "isfile" but
> > since the file is actually a symlink, it needs to be "islink". This
> > one checks for either.
> 
> Nack, install fails after configuring the http service.
> Restart bails out
> 
> using export SYSTEMCTL_SKIP_REDIRECT=1 to get systemd out of the way (it
> was suppressing the error output) I get a permission denied error
> trying to open /etc/httpd/conf.d/proxy-ipa.conf
> That's a symlink into /etc/pki-ca/proxy-ipa.conf which is a file owned
> by pkiuser:pkiuser with permission 660 (therefore not readable by the
> apache user).

Ok, it turns out permissions are not the real issue, as the file is read
while apache is still root; it's a selinux issue.
Apache starts if I setenforce 0.

Still a NAck of course, it needs to work with selinux in enforcing mode.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York