[Freeipa-users] enabling selinux on ipa server

Rob Crittenden rcritten at redhat.com
Sun Oct 25 04:13:27 UTC 2015


Prasun Gera wrote:
> I've done that now in addition to the few fixes that I made manually
> earlier. These were the messages:
> SELinux is preventing /usr/sbin/ns-slapd from write access on the file
> ldap_988
> SELinux is preventing /usr/sbin/httpd from read access on the lnk_file
> /etc/httpd/logs
> And a few others. I also had to do sudo setsebool -P httpd_manage_ipa 1

It would help to know what version you're using.

The installer will skip setting the booleans if SELinux is disabled. The
installer won't disable SELinux itself.

A default install will enable these booleans:

httpd_can_network_connect
httpd_manage_ipa
httpd_run_ipa

AD trust will enable samba_portmapper

rob

> 
> On Sat, Oct 24, 2015 at 10:51 AM, Lukas Slebodnik <lslebodn at redhat.com> wrote:
> 
>     On (23/10/15 20:57), Prasun Gera wrote:
>     >selinux was disabled for some reason when the ipa server (replica) was
>     >installed. I enabled it, and see that there are a lot of selinux related
>     >permissions problems in syslog. Is this a known issue? I tried fixing some
>     >of them manually, but I would like a better approach.
>     FreeIPA should work fine with SELinux in enforcing mode.
> 
>     I would recommend to restore SELinux context of files on that machine.
> 
>     restorecon -Rv /
> 
>     LS
> 
> 
> 
> 
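An added example, not part of the original message and not FreeIPA code: a small audit that reports which of the booleans named in the reply are not on, for a server that was installed while SELinux was disabled. The `--check` and `--check-trust` options, the function names and the sample `getsebool -a` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not FreeIPA code. Boolean names are the ones listed in the message.
IPA_BOOLEANS="httpd_can_network_connect httpd_manage_ipa httpd_run_ipa"
TRUST_BOOLEANS="samba_portmapper"   # only relevant with AD trust

# Constructed sample of `getsebool -a` output, used when run without options.
SAMPLE='httpd_can_network_connect --> on
httpd_manage_ipa --> off
httpd_enable_cgi --> on'

# Reads "name --> on|off" lines on stdin; prints "name off" or "name missing"
# for every boolean named in the arguments that is not on.
booleans_not_on() {
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, w, " ") }
        $2 == "-->" { state[$1] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                if (!(w[i] in state)) print w[i], "missing"
                else if (state[w[i]] != "on") print w[i], state[w[i]]
            }
        }'
}

# Queries the live host; arguments are additional booleans to require.
check_host() {
    mode=$(getenforce) || return 2
    echo "SELinux mode: $mode"
    [ "$mode" = "Disabled" ] && return 1
    getsebool -a | booleans_not_on $IPA_BOOLEANS "$@" |
    while read -r name state; do
        case $state in
            off) echo "$name is off; to enable: setsebool -P $name 1" ;;
            *)   echo "$name is not defined in the loaded policy" ;;
        esac
    done
}

case "${1:-}" in
    --check)       check_host ;;
    --check-trust) check_host $TRUST_BOOLEANS ;;
    *)             printf '%s\n' "$SAMPLE" | booleans_not_on $IPA_BOOLEANS ;;
esac
```

Run without options it evaluates the constructed sample; `--check` reads the live host and needs `getenforce` and `getsebool` on the PATH.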



