[Freeipa-devel] ipa-server-install error
James
purpleidea at gmail.com
Fri May 30 07:44:36 UTC 2014
On Fri, May 30, 2014 at 2:00 AM, Martin Kosek <mkosek at redhat.com> wrote:
> On 05/30/2014 06:14 AM, Dmitri Pal wrote:
>> On 05/29/2014 01:44 AM, James wrote:
>>> /usr/bin/runcon: invalid context: unconfined_u:system_r:pki_ca_script_t:s0:
>>> Invalid argument"
>> Looks like and AVC that lead to restart failure of the PKI instance that in
>> turn led to failure to configure CA.
>
> I asked Ade Lee and got this response:
>
> On 05/29/2014 04:44 PM, Ade Lee wrote:
>> The problem is here:
>>
>> /usr/bin/runcon: invalid context:
>> unconfined_u:system_r:pki_ca_script_t:s0: Invalid argument"
>>
>> We've seen this before. Sometimes pki-selinux fails to load its policy
>> for some reason. The best thing to do is to force re-install
>> pki-selinux (and check for any errors in the /var/log/messages file).
>>
>> Ade
>
Thanks for looking into this... I'm able to reproduce this currently
100% of the time. Unfortunately this breaks automated installs. Is it
a bug that needs filling somewhere, or is it something wrong with my
machines? I'm seeing it with the most recent incarnation of the
vagrant-libvirt base images I'm building.
It's particularly pernicious because when this occurs (100% of the
time), the machine seems to be in a partially installed state.
Thanks,
James
More information about the Freeipa-devel
mailing list