[Freeipa-users] Configuring httpd error when selinux ispermissive

[郑磊]

I will try to your solutions.

Thanks!





------------------
祝：
    工作顺利！生活愉快！
--------------------------
长沙研发中心 郑磊 
电话：18684703229
邮箱：zhenglei at kylinos.cn
公司：天津麒麟信息技术有限公司
地址：湖南长沙市开福区三一大道工美大厦十四楼
 

 
 
 
------------------ Original ------------------
From:  "Lukas Slebodnik"<lslebodn at redhat.com>;
Date:  Tue, Nov 8, 2016 09:53 PM
To:  "郑磊"<zhenglei at kylinos.cn>; 
Cc:  "Umarzuki Mochlis"<umarzuki at gmail.com>; "freeipa-users"<freeipa-users at redhat.com>; 
Subject:  Re: [Freeipa-users] Configuring httpd error when selinux ispermissive

 
On (08/11/16 16:57), 郑磊 wrote:
>Command returns the result:
>root at ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/setsebool -P httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on
>Cannot set persistent booleans without managed policy.
>
>root at ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/getsebool httpd_run_ipa
>Error getting active value for httpd_run_ipa
>
Then it just mean that selinux-policy on ununtu does not contain
such boolean.

You have few options:
* create your own SELinux rules
* backport SELinux rules from upstream/fedora
* Use freeIPA with SELinux on different distribution.
* use freeIPA without SELinux on ubuntu (IIRC the default is Apparmor)

LS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161109/88d36f2b/attachment.htm>