[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] FreeIPA 2.1.0 - SELinux



Ah, excellent. Thanks. :)


Rgds,
Siggi



On 08/19/2011 07:17 PM, Ade Lee wrote:
Siggi,

The fix for this has already been checked into the dogtag code.  We'll
have a new build out (for pki-ca) probably sometime next week.

Ade

On Fri, 2011-08-19 at 12:57 -0400, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,

I've just updated to FreeIPA 2.1.0. I disabled SELinux on this machine
(Fedora 15) when I installed IPA, as there was a bug with IPA's SELinux
ruleset, which made the ipa-server-install script fail.

That decision seem to be biting my ass now, I get the following error
message: "/usr/bin/runcon: /usr/bin/runcon may be used only on a SELinux
kernel" whenever I attempt to start IPA. See below for output.

After configuring SELinux to be permissive the error disappears, and IPA
starts normally.

I have opened a bug here:
https://bugzilla.redhat.com/show_bug.cgi?id=732064

Other than that - thank you for an excellent product! I've been waiting
for the automount option in the GUI, makes editing automount rules a
whole lot easier!! :)




Regards,
Siggi





[root ipa03 ~]# ipactl restart
Restarting Directory Service
Shutting down dirsrv:
IX-TEST-COM... server already stopped [FAILED]
PKI-IPA... server already stopped [FAILED]
*** Error: 2 instance(s) unsuccessfully stopped [FAILED]
Starting dirsrv:
IX-TEST-COM... [ OK ]
PKI-IPA... [ OK ]
Restarting KDC Service
Restarting krb5kdc (via systemctl): [ OK ]
Restarting KPASSWD Service
Restarting ipa_kpasswd (via systemctl): [ OK ]
Restarting HTTP Service
Restarting httpd (via systemctl): [ OK ]
Restarting CA Service
Stopping pki-ca: [ OK ]
/usr/bin/runcon: /usr/bin/runcon may be used only on a SELinux kernel
Failed to restart CA Service
Shutting down
Stopping krb5kdc (via systemctl): [ OK ]
Stopping ipa_kpasswd (via systemctl): [ OK ]
Stopping httpd (via systemctl): [ OK ]
Stopping pki-ca: [ OK ]
Shutting down dirsrv:
IX-TEST-COM... [ OK ]
PKI-IPA... [ OK ]
Aborting ipactl
[root ipa03 ~]# getenforce
Disabled

What is/was the bug in the SELinux ruleset that caused you to disable
SELinux in the first place?

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users redhat com
https://www.redhat.com/mailman/listinfo/freeipa-users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]