[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] FreeIPA 2.1.0 - SELinux



Siggi, 

The fix for this has already been checked into the dogtag code.  We'll
have a new build out (for pki-ca) probably sometime next week.

Ade

On Fri, 2011-08-19 at 12:57 -0400, Rob Crittenden wrote:
> Sigbjorn Lie wrote:
> > Hi,
> >
> > I've just updated to FreeIPA 2.1.0. I disabled SELinux on this machine
> > (Fedora 15) when I installed IPA, as there was a bug with IPA's SELinux
> > ruleset, which made the ipa-server-install script fail.
> >
> > That decision seem to be biting my ass now, I get the following error
> > message: "/usr/bin/runcon: /usr/bin/runcon may be used only on a SELinux
> > kernel" whenever I attempt to start IPA. See below for output.
> >
> > After configuring SELinux to be permissive the error disappears, and IPA
> > starts normally.
> >
> > I have opened a bug here:
> > https://bugzilla.redhat.com/show_bug.cgi?id=732064
> >
> > Other than that - thank you for an excellent product! I've been waiting
> > for the automount option in the GUI, makes editing automount rules a
> > whole lot easier!! :)
> >
> >
> >
> >
> > Regards,
> > Siggi
> >
> >
> >
> >
> >
> > [root ipa03 ~]# ipactl restart
> > Restarting Directory Service
> > Shutting down dirsrv:
> > IX-TEST-COM... server already stopped [FAILED]
> > PKI-IPA... server already stopped [FAILED]
> > *** Error: 2 instance(s) unsuccessfully stopped [FAILED]
> > Starting dirsrv:
> > IX-TEST-COM... [ OK ]
> > PKI-IPA... [ OK ]
> > Restarting KDC Service
> > Restarting krb5kdc (via systemctl): [ OK ]
> > Restarting KPASSWD Service
> > Restarting ipa_kpasswd (via systemctl): [ OK ]
> > Restarting HTTP Service
> > Restarting httpd (via systemctl): [ OK ]
> > Restarting CA Service
> > Stopping pki-ca: [ OK ]
> > /usr/bin/runcon: /usr/bin/runcon may be used only on a SELinux kernel
> > Failed to restart CA Service
> > Shutting down
> > Stopping krb5kdc (via systemctl): [ OK ]
> > Stopping ipa_kpasswd (via systemctl): [ OK ]
> > Stopping httpd (via systemctl): [ OK ]
> > Stopping pki-ca: [ OK ]
> > Shutting down dirsrv:
> > IX-TEST-COM... [ OK ]
> > PKI-IPA... [ OK ]
> > Aborting ipactl
> > [root ipa03 ~]# getenforce
> > Disabled
> >
> 
> What is/was the bug in the SELinux ruleset that caused you to disable 
> SELinux in the first place?
> 
> rob
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users redhat com
> https://www.redhat.com/mailman/listinfo/freeipa-users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]