[Freeipa-users] [Freeipa-devel] FreeIPA beta1: SELinux prohibits memcached
Martin Kosek
mkosek at redhat.com
Tue Mar 20 12:02:50 UTC 2012
On Tue, 2012-03-20 at 12:44 +0100, Marco Pizzoli wrote:
> Hi guys,
> I don't know if you already know this, but in my logs I can find this:
>
>
> Mar 20 12:14:47 freeipa01 setroubleshoot: SELinux is
> preventing /usr/bin/memcached from create access on the sock_file
> ipa_memcached. For complete SELinux messages. run sealert -l
> 85b51f4e-3f2e-4e7d-819f-1efb04836de3
>
>
> I'm running:
>
>
> [root at freeipa01 ipa]# rpm -qa|grep freeipa
> freeipa-server-selinux-2.1.90.rc1-0.fc16.x86_64
> freeipa-client-2.1.90.rc1-0.fc16.x86_64
> freeipa-server-2.1.90.rc1-0.fc16.x86_64
> freeipa-admintools-2.1.90.rc1-0.fc16.x86_64
> freeipa-python-2.1.90.rc1-0.fc16.x86_64
>
>
> HTH
> Marco
Hello Marco,
there is a SELinux policy where this issue is fixed:
https://admin.fedoraproject.org/updates/FEDORA-2012-2733/selinux-policy-3.10.0-80.fc16
Its still in updates-testing though. This is an appropriate BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=783592
It requires "httpd_manage_ipa" SELinux boolean to be set, upstream
FreeIPA bits already sets it automatically during installation.
Martin
More information about the Freeipa-users
mailing list