Prasun Gera wrote:
> I've done that now in addition to the few fixes that I made manually
> earlier. These were the messages:
> SELinux is preventing /usr/sbin/ns-slapd from write access on the file
> ldap_988
> SELinux is preventing /usr/sbin/httpd from read access on the lnk_file
> /etc/httpd/logs
> And a few others. I also had to do sudo setsebool -P httpd_manage_ipa 1

It would help to know what version you're using.

The installer will skip setting the booleans if SELinux disabled. The
installer won't disable SELinux itself.

A default install will enable these booleans:


AD trust will enable samba_portmapper


> On Sat, Oct 24, 2015 at 10:51 AM, Lukas Slebodnik <
> <>> wrote:
>     On (23/10/15 20:57), Prasun Gera wrote:
>     >selinux was disabled for some reason when the ipa server(replica) was
>     >installed. I enabled it, and see that there are a lot of selinux
>     related
>     >permissions problems in syslog. Is this a known issue ? I tried
>     fixing some
>     >of them manually, but i would like a better approach.
>     FreeIPA should work fine with SELinux in enforcing mode.
>     I would recommend to restore SELinux context of files on that machine.
>     restorecon -Rv /
>     LS

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to