[Freeipa-users] Configuring httpd error when selinux is permissive
Umarzuki Mochlis
umarzuki at gmail.com
Tue Nov 8 08:42:27 UTC 2016
2016-11-08 16:33 GMT+08:00 郑磊 <zhenglei at kylinos.cn>:
> Hello everyone,
> I have been setting up FreeIPA (its version is 4.3.1) on Ubuntu. SELinux is
> enabled, and its mode is permissive. I met a problem while configuring the httpd
> process, but the process won't be interrupted. The configuration information
> is as follows:
> Configuring the web interface (httpd). Estimated time: 1 minute
> [1/20]: setting mod_nss port to 443
> [2/20]: setting mod_nss cipher suite
> [3/20]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
> [4/20]: setting mod_nss password file
> [5/20]: enabling mod_nss renegotiate
> [6/20]: adding URL rewriting rules
> [7/20]: configuring httpd
> [8/20]: configure certmonger for renewals
> [9/20]: setting up httpd keytab
> [10/20]: setting up ssl
> [11/20]: importing CA certificates from LDAP
> [12/20]: publish CA cert
> [13/20]: clean up any existing httpd ccache
> [14/20]: configuring SELinux for httpd
> ipa.ipaplatform.redhat.tasks: ERROR Cannot get SELinux boolean
> 'httpd_run_ipa': Command '/usr/sbin/getsebool httpd_run_ipa' returned
> non-zero exit status 255
> WARNING: Could not set SELinux booleans: httpd_can_network_connect=on
> httpd_run_ipa=on httpd_manage_ipa=on
>
> The web interface may not function correctly until
> the booleans are successfully changed with the command:
> /usr/sbin/setsebool -P httpd_can_network_connect=on httpd_run_ipa=on
> httpd_manage_ipa=on
> Try updating the policycoreutils and selinux-policy packages.
> [15/20]: create KDC proxy user
> [16/20]: create KDC proxy config
> [17/20]: enable KDC proxy
> [18/20]: restarting httpd
> [19/20]: configuring httpd to start on boot
> [20/20]: enabling oddjobd
> Done configuring the web interface (httpd).
> Is there anyone who can help me?
>
> Thanks!
Hi,
Have you tried the suggested setsebool command?
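
Added example (not part of the thread and not FreeIPA's own code): a POSIX shell check of the three booleans named in the installer warning, reporting `unavailable` when getsebool exits non-zero as it does in the log above. The function names and the `GETSEBOOL` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report the state of the SELinux booleans from the installer
# warning. GETSEBOOL is a hypothetical override so the check can be exercised
# without SELinux tools; by default the path from the log is used.

IPA_BOOLEANS="httpd_can_network_connect httpd_run_ipa httpd_manage_ipa"

# classify_sebool STATUS OUTPUT -> prints on | off | unavailable
# STATUS is getsebool's exit status, OUTPUT its stdout ("name --> on").
classify_sebool() {
    status=$1
    output=$2
    if [ "$status" -ne 0 ]; then
        # getsebool failed (status 255 in the log): the boolean could not be read.
        echo unavailable
        return 0
    fi
    # The third whitespace-separated field is the active value.
    value=$(printf '%s\n' "$output" | awk 'NR == 1 { print $3 }')
    case $value in
        on|off) echo "$value" ;;
        *)      echo unavailable ;;
    esac
}

# check_ipa_booleans: print one line per boolean; return 1 unless all are "on".
check_ipa_booleans() {
    rc=0
    for name in $IPA_BOOLEANS; do
        if out=$("${GETSEBOOL:-/usr/sbin/getsebool}" "$name" 2>/dev/null); then
            st=0
        else
            st=$?
        fi
        state=$(classify_sebool "$st" "$out")
        printf '%-28s %s\n' "$name" "$state"
        [ "$state" = on ] || rc=1
    done
    return $rc
}

# Run the check only when asked, e.g.: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_ipa_booleans
fi
```

A boolean reported as `unavailable` could not be read at all, so running it before and after the suggested setsebool command shows whether that command had any effect.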