Pavel's current code base tries to write to /var/cache/ipa/assets/ from within httpd, which is forbidden by SELinux. I suspect the code in the mainline might be doing this as well. The work around is:

chcon -R -t httpd_sys_content_rw_t /var/cache/ipa/assets
semanage fcontext -a -t httpd_sys_content_rw_t 'assets'

If we are going to do this kind of code generation, we might want to do it at install time, or as part of something like
/etc/init.d/ipa-server start

Freeipa-devel mailing list

Reply via email to