[Freeipa-users] Configuring httpd error when selinux is permissive
Lukas Slebodnik
lslebodn at redhat.com
Tue Nov 8 13:53:15 UTC 2016
On (08/11/16 16:57), 郑磊 wrote:
>Command returns the result:
>root at ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/setsebool -P httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on
>Cannot set persistent booleans without managed policy.
>
>root at ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/getsebool httpd_run_ipa
>Error getting active value for httpd_run_ipa
>
Then it just mean that selinux-policy on ununtu does not contain
such boolean.
You have few options:
* create your own SELinux rules
* backport SELinux rules from upstream/fedora
* Use freeIPA with SELinux on different distribution.
* use freeIPA without SELinux on ubuntu (IIRC the default is Apparmor)
LS
More information about the Freeipa-users
mailing list