On 27/09/2021 12:23, François Cami wrote:
Hi,

Any AVC present in /var/log/audit/audit.log?

Thank you,
François

On Mon, Sep 27, 2021 at 12:52 PM lejeczek via FreeIPA-users
<[email protected]> wrote:
Hi guys.

Anybody on CentOS Stream?
With updates among which I have
selinux-policy-3.14.3-79.el8.noarch
ipa-selinux-4.9.6-4.module_el8.5.0+921+2b5d5825.noarch
I end up with problems:

Starting The Apache HTTP Server...
ipa: INFO: KDC proxy enabled
ipa-httpd-kdcproxy: INFO     KDC proxy enabled
[Mon Sep 27 08:58:25.895507 2021] [auth_gssapi:error] [pid
9238:tid 140576742644032] Failed to open key file
/etc/httpd/alias/ipasession.key
[Mon Sep 27 08:58:25.895674 2021] [auth_gssapi:error] [pid
9238:tid 140576742644032] Failed to open key file
/etc/httpd/alias/ipasession.key
AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/var/lib/ipa/certs/httpd.crt' does
not exist or is empty
httpd.service: Main process exited, code=exited,
status=1/FAILURE
httpd.service: Failed with result 'exit-code'.
Failed to start The Apache HTTP Server.

-> $ restorecon -RFv /var/lib/ipa/certs/
restorecon: Could not set context for /var/lib/ipa/certs:
Invalid argument
restorecon: Could not set context for
/var/lib/ipa/certs/httpd.crt:  Invalid argument

I told the OS to autorelabel, and after reboot I cannot get to
the system, neither via 'ssh' nor with terminal login - that's
new :)

regards, L.

Ough.. the same one "old" culprit. Whether it's due to courtesy of SELinux - being only a consumer - I cannot tell. If you have custom paths fcontext labels but no definitions for fcontext because an SELinux module is absent, such as 'glusterfs-selinux', then a cascade of problems you shall expect. Why SELinux allows for such a (I'd imagine common) case.. boggles my mind.
regards, L.
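
A check for the condition described in the last reply, as an added example that is not part of the original thread: it lists SELinux types that file-context rules reference but the loaded policy does not define. It assumes the rules are in the column layout printed by `semanage fcontext -l -C` and the types in the layout printed by `seinfo -t`; the function names, the paths and the sample data are constructed for illustration.

```shell
#!/bin/sh
# $1: rules in `semanage fcontext -l -C` format; $2: types in `seinfo -t` format.
# Prints "<type><TAB><path regex>" for every rule whose type is not defined.
undefined_fcontext_types() {
    awk '
        # Types file: one indented type name per line; "Types: N" header has 2 fields.
        FILENAME == ARGV[1] { if (NF == 1) defined[$1] = 1; next }
        # Rules file: rule lines start with "/"; the context is the last field.
        /^\// {
            if (split($NF, ctx, ":") < 3) next   # skip <<None>> entries
            if (!(ctx[3] in defined)) print ctx[3] "\t" $1
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from the thread).
demo_constructed_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/rules.txt" <<'EOF'
SELinux fcontext                                   type               Context

/bricks(/.*)?                                      all files          system_u:object_r:glusterd_brick_t:s0
/srv/www(/.*)?                                     all files          system_u:object_r:httpd_sys_content_t:s0
EOF
    cat > "$dir/types.txt" <<'EOF'
Types: 2
   cert_t
   httpd_sys_content_t
EOF
    undefined_fcontext_types "$dir/rules.txt" "$dir/types.txt"
    rm -rf "$dir"
}

demo_constructed_sample
```

On a live host the two inputs would come from saving the output of `semanage fcontext -l -C` and `seinfo -t` to files; any type the function prints belongs to a rule that `restorecon` cannot apply until the module defining it is installed or the rule is removed.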
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure