<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
We run with selinux disabled.<br>
<br>
<font face="Courier New, Courier, monospace"># getenforce<br>
Disabled<br>
# restorecon -R -v /etc/httpd/alias<br>
# ipactl start<br>
Starting Directory Service<br>
Starting krb5kdc Service<br>
Starting kadmin Service<br>
Starting named Service<br>
Starting ipa_memcached Service<br>
Starting httpd Service<br>
Starting pki-tomcatd Service<br>
Failed to start pki-tomcatd Service<br>
Shutting down<br>
Aborting ipactl<br>
# ipactl status<br>
Directory Service: STOPPED<br>
Directory Service must be running in order to obtain status of
other services<br>
ipa: INFO: The ipactl command was successful<br>
#<br>
<br>
</font><br>
<br>
<div class="moz-cite-prefix">On 04/29/2016 12:25 PM, Christian
Heimes wrote:<br>
</div>
<blockquote
cite="mid:f30372ba-d271-1255-3c1c-2971db3b11be@redhat.com"
type="cite">
<pre wrap="">On 2016-04-29 18:17, Bret Wortman wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I'll put the results inline here, since they're short.
[root@zsipa log]# ls -laZ /etc/httpd/
drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 .
drwxr-xr-x. root root system_u:object_r:etc_t:s0 ..
drwxr-xr-x. root root system_u:object_r:cert_t:s0 alias
drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 conf
drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 conf.d
drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 conf.modules.d
lrwxrwxrwx root root ? logs ->
../../var/log/httpd
lrwxrwxrwx root root ? modules ->
../../usr/lib64/httpd/modules
lrwxrwxrwx root root ? run -> /run/httpd
[root@zsipa log]# ls -laZ /etc/httpd/alias
drwxr-xr-x. root root system_u:object_r:cert_t:s0 .
drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 ..
-r--r--r-- root root ? cacert.asc
-r--r--r-- root root ? cacert.asc.orig
-rw-r----- root root ? cert8.db
-rw-rw---- root apache ? cert8.db.20160426
-rw-rw---- root apache ? cert8.db.orig
-rw-------. root root system_u:object_r:cert_t:s0 install.log
-rw-r----- root root ? key3.db
-rw-rw---- root apache ? key3.db.20160426
-rw-rw---- root apache ? key3.db.orig
lrwxrwxrwx root root ? libnssckbi.so
-> ../../..//usr/lib64/libnssckbi.so
-rw-rw---- root apache ? pwdfile.txt
-rw-rw---- root apache ? pwdfile.txt.orig
-rw-rw---- root apache ? secmod.db
-rw-rw---- root apache ? secmod.db.orig
</pre>
</blockquote>
<pre wrap="">
Some files don't have the correct SELinux context or are completely
missing a context. SELinux prevents Apache from accessing this files.
Did you replace some files or restore some from a backup? You should see
a bunch of SELinux violations in your audit log.
In order to restore the correct context, please run restorecon:
# restorecon -R -v /etc/httpd/alias
This should set correct contexts and allow you to start Apache HTTPD again.
Christian
</pre>
</blockquote>
<br>
</body>
</html>