Prasun Gera wrote: > I've done that now in addition to the few fixes that I made manually > earlier. These were the messages: > SELinux is preventing /usr/sbin/ns-slapd from write access on the file > ldap_988 > SELinux is preventing /usr/sbin/httpd from read access on the lnk_file > /etc/httpd/logs > And a few others. I also had to do sudo setsebool -P httpd_manage_ipa 1
It would help to know what version you're using. The installer will skip setting the booleans if SELinux disabled. The installer won't disable SELinux itself. A default install will enable these booleans: httpd_can_network_connect httpd_manage_ipa httpd_run_ipa AD trust will enable samba_portmapper rob > > On Sat, Oct 24, 2015 at 10:51 AM, Lukas Slebodnik <lsleb...@redhat.com > <mailto:lsleb...@redhat.com>> wrote: > > On (23/10/15 20:57), Prasun Gera wrote: > >selinux was disabled for some reason when the ipa server(replica) was > >installed. I enabled it, and see that there are a lot of selinux > related > >permissions problems in syslog. Is this a known issue ? I tried > fixing some > >of them manually, but i would like a better approach. > FreeIPA should work fine with SELinux in enforcing mode. > > I would recommend to restore SELinux context of files on that machine. > > restorecon -Rv / > > LS > > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project