[Freeipa-users] IPA server having cert issues

Christian Heimes cheimes at redhat.com
Fri Apr 29 16:25:44 UTC 2016


On 2016-04-29 18:17, Bret Wortman wrote:
> I'll put the results inline here, since they're short.
> 
> [root at zsipa log]# ls -laZ /etc/httpd/
> drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 .
> drwxr-xr-x. root root system_u:object_r:etc_t:s0       ..
> drwxr-xr-x. root root system_u:object_r:cert_t:s0      alias
> drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 conf
> drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 conf.d
> drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 conf.modules.d
> lrwxrwxrwx  root root ?                                logs -> ../../var/log/httpd
> lrwxrwxrwx  root root ?                                modules -> ../../usr/lib64/httpd/modules
> lrwxrwxrwx  root root ?                                run -> /run/httpd
> [root at zsipa log]# ls -laZ /etc/httpd/alias
> drwxr-xr-x. root root   system_u:object_r:cert_t:s0      .
> drwxr-xr-x. root root   system_u:object_r:httpd_config_t:s0 ..
> -r--r--r--  root root   ?                                cacert.asc
> -r--r--r--  root root   ?                                cacert.asc.orig
> -rw-r-----  root root   ?                                cert8.db
> -rw-rw----  root apache ?                                cert8.db.20160426
> -rw-rw----  root apache ?                                cert8.db.orig
> -rw-------. root root   system_u:object_r:cert_t:s0      install.log
> -rw-r-----  root root   ?                                key3.db
> -rw-rw----  root apache ?                                key3.db.20160426
> -rw-rw----  root apache ?                                key3.db.orig
> lrwxrwxrwx  root root   ?                                libnssckbi.so -> ../../..//usr/lib64/libnssckbi.so
> -rw-rw----  root apache ?                                pwdfile.txt
> -rw-rw----  root apache ?                                pwdfile.txt.orig
> -rw-rw----  root apache ?                                secmod.db
> -rw-rw----  root apache ?                                secmod.db.orig

Some files don't have the correct SELinux context or are completely
missing a context. SELinux prevents Apache from accessing these files.
Did you replace some files or restore some from a backup? You should see
a bunch of SELinux violations in your audit log.

In order to restore the correct context, please run restorecon:

# restorecon -R -v /etc/httpd/alias

This should set correct contexts and allow you to start Apache HTTPD again.

Christian
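
The check described in the reply above, as an added example that is not part of the original message: a shell function that reads `ls -laZ` output in the five-column layout shown in the thread (mode, user, group, context, name) and reports entries with no SELinux label or with an unexpected type. The names `find_mislabeled` and `sample_listing` are hypothetical, and the `example.db` row is constructed.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumes the older `ls -Z` layout seen in the post:
#   mode  user  group  context  name
# Newer coreutils print extra columns, so field numbers would differ.

# find_mislabeled EXPECTED_TYPE   (listing on stdin)
# Prints "<name> <problem>" for each offending entry.
# Exit status is 1 if anything was reported, 0 otherwise.
find_mislabeled() {
    awk -v want="$1" '
        { sub(/^> ?/, "") }                          # tolerate mail-quoted rows
        $1 !~ /^[-dlbcps][-rwxsStT]+[.+]?$/ { next } # skip prompts and other text
        $5 == "." || $5 == ".." { next }             # directory itself and parent
        $4 == "?" { print $5, "unlabeled"; bad = 1; next }
        {
            n = split($4, ctx, ":")                  # user:role:type:level
            if (n < 3 || ctx[3] != want) {
                print $5, "type=" ctx[3]
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Rows taken from the listing in the post, plus one constructed row
# (example.db) that carries a label of the wrong type.
sample_listing() {
    cat <<'EOF'
> [root at zsipa log]# ls -laZ /etc/httpd/alias
> drwxr-xr-x. root root   system_u:object_r:cert_t:s0      .
> drwxr-xr-x. root root   system_u:object_r:httpd_config_t:s0 ..
> -rw-r-----  root root   ?                                cert8.db
> -rw-------. root root   system_u:object_r:cert_t:s0      install.log
> -rw-r-----  root root   ?                                key3.db
> -rw-rw----  root apache ?                                pwdfile.txt
> -rw-r-----. root root   system_u:object_r:etc_t:s0       example.db
EOF
}

# Demo on the embedded sample; on a host, pipe the real listing instead:
#   ls -laZ /etc/httpd/alias | find_mislabeled cert_t
sample_listing | find_mislabeled cert_t || true
```

An empty report with exit status 0 after running restorecon means every listed entry carries the expected type.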
