[Freeipa-users] FreeIPA 2.1.0 - SELinux

Sigbjorn Lie sigbjorn at nixtra.com
Mon Aug 22 16:01:42 UTC 2011 

Ah, excellent. Thanks. :)


Rgds,
Siggi



On 08/19/2011 07:17 PM, Ade Lee wrote:
> Siggi,
>
> The fix for this has already been checked into the dogtag code.  We'll
> have a new build out (for pki-ca) probably sometime next week.
>
> Ade
>
> On Fri, 2011-08-19 at 12:57 -0400, Rob Crittenden wrote:
>> Sigbjorn Lie wrote:
>>> Hi,
>>>
>>> I've just updated to FreeIPA 2.1.0. I disabled SELinux on this machine
>>> (Fedora 15) when I installed IPA, as there was a bug with IPA's SELinux
>>> ruleset, which made the ipa-server-install script fail.
>>>
>>> That decision seem to be biting my ass now, I get the following error
>>> message: "/usr/bin/runcon: /usr/bin/runcon may be used only on a SELinux
>>> kernel" whenever I attempt to start IPA. See below for output.
>>>
>>> After configuring SELinux to be permissive the error disappears, and IPA
>>> starts normally.
>>>
>>> I have opened a bug here:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=732064
>>>
>>> Other than that - thank you for an excellent product! I've been waiting
>>> for the automount option in the GUI, makes editing automount rules a
>>> whole lot easier!! :)
>>>
>>>
>>>
>>>
>>> Regards,
>>> Siggi
>>>
>>>
>>>
>>>
>>>
>>> [root at ipa03 ~]# ipactl restart
>>> Restarting Directory Service
>>> Shutting down dirsrv:
>>> IX-TEST-COM... server already stopped [FAILED]
>>> PKI-IPA... server already stopped [FAILED]
>>> *** Error: 2 instance(s) unsuccessfully stopped [FAILED]
>>> Starting dirsrv:
>>> IX-TEST-COM... [ OK ]
>>> PKI-IPA... [ OK ]
>>> Restarting KDC Service
>>> Restarting krb5kdc (via systemctl): [ OK ]
>>> Restarting KPASSWD Service
>>> Restarting ipa_kpasswd (via systemctl): [ OK ]
>>> Restarting HTTP Service
>>> Restarting httpd (via systemctl): [ OK ]
>>> Restarting CA Service
>>> Stopping pki-ca: [ OK ]
>>> /usr/bin/runcon: /usr/bin/runcon may be used only on a SELinux kernel
>>> Failed to restart CA Service
>>> Shutting down
>>> Stopping krb5kdc (via systemctl): [ OK ]
>>> Stopping ipa_kpasswd (via systemctl): [ OK ]
>>> Stopping httpd (via systemctl): [ OK ]
>>> Stopping pki-ca: [ OK ]
>>> Shutting down dirsrv:
>>> IX-TEST-COM... [ OK ]
>>> PKI-IPA... [ OK ]
>>> Aborting ipactl
>>> [root at ipa03 ~]# getenforce
>>> Disabled
>>>
>> What is/was the bug in the SELinux ruleset that caused you to disable
>> SELinux in the first place?
>>
>> rob
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list