I've just updated to FreeIPA 2.1.0. I disabled SELinux on this machine (Fedora 15) when I installed IPA, as there was a bug with IPA's SELinux ruleset, which made the ipa-server-install script fail.

That decision seem to be biting my ass now, I get the following error message: "/usr/bin/runcon: /usr/bin/runcon may be used only on a SELinux kernel" whenever I attempt to start IPA. See below for output.

After configuring SELinux to be permissive the error disappears, and IPA starts normally.

I have opened a bug here: https://bugzilla.redhat.com/show_bug.cgi?id=732064

Other than that - thank you for an excellent product! I've been waiting for the automount option in the GUI, makes editing automount rules a whole lot easier!! :)


[root@ipa03 ~]# ipactl restart
Restarting Directory Service
Shutting down dirsrv:
    IX-TEST-COM... server already stopped                [FAILED]
    PKI-IPA... server already stopped                      [FAILED]
  *** Error: 2 instance(s) unsuccessfully stopped          [FAILED]
Starting dirsrv:
    IX-TEST-COM...                                       [  OK  ]
    PKI-IPA...                                             [  OK  ]
Restarting KDC Service
Restarting krb5kdc (via systemctl):                        [  OK  ]
Restarting KPASSWD Service
Restarting ipa_kpasswd (via systemctl):                    [  OK  ]
Restarting HTTP Service
Restarting httpd (via systemctl):                          [  OK  ]
Restarting CA Service
Stopping pki-ca:                                           [  OK  ]
/usr/bin/runcon: /usr/bin/runcon may be used only on a SELinux kernel
Failed to restart CA Service
Shutting down
Stopping krb5kdc (via systemctl):                          [  OK  ]
Stopping ipa_kpasswd (via systemctl):                      [  OK  ]
Stopping httpd (via systemctl):                            [  OK  ]
Stopping pki-ca:                                           [  OK  ]
Shutting down dirsrv:
    IX-TEST-COM...                                       [  OK  ]
    PKI-IPA...                                             [  OK  ]
Aborting ipactl
[root@ipa03 ~]# getenforce

Freeipa-users mailing list

Reply via email to