[Freeipa-devel] ipa-server-install error
Martin Kosek
mkosek at redhat.com
Fri May 30 07:51:58 UTC 2014
On 05/30/2014 09:44 AM, James wrote:
> On Fri, May 30, 2014 at 2:00 AM, Martin Kosek <mkosek at redhat.com> wrote:
>> On 05/30/2014 06:14 AM, Dmitri Pal wrote:
>>> On 05/29/2014 01:44 AM, James wrote:
>>>> /usr/bin/runcon: invalid context: unconfined_u:system_r:pki_ca_script_t:s0:
>>>> Invalid argument"
>>> Looks like and AVC that lead to restart failure of the PKI instance that in
>>> turn led to failure to configure CA.
>>
>> I asked Ade Lee and got this response:
>>
>> On 05/29/2014 04:44 PM, Ade Lee wrote:
>>> The problem is here:
>>>
>>> /usr/bin/runcon: invalid context:
>>> unconfined_u:system_r:pki_ca_script_t:s0: Invalid argument"
>>>
>>> We've seen this before. Sometimes pki-selinux fails to load its policy
>>> for some reason. The best thing to do is to force re-install
>>> pki-selinux (and check for any errors in the /var/log/messages file).
>>>
>>> Ade
>>
>
> Thanks for looking into this... I'm able to reproduce this currently
> 100% of the time. Unfortunately this breaks automated installs. Is it
> a bug that needs filling somewhere, or is it something wrong with my
> machines? I'm seeing it with the most recent incarnation of the
> vagrant-libvirt base images I'm building.
>
> It's particularly pernicious because when this occurs (100% of the
> time), the machine seems to be in a partially installed state.
>
> Thanks,
> James
Good question - CCing PKI developers.
Martin
More information about the Freeipa-devel
mailing list