On (08/11/16 16:57), 郑磊 wrote: >Command returns the result: >root@ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/setsebool -P >httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on >Cannot set persistent booleans without managed policy. > >root@ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/getsebool httpd_run_ipa >Error getting active value for httpd_run_ipa > Then it just mean that selinux-policy on ununtu does not contain such boolean.
You have few options: * create your own SELinux rules * backport SELinux rules from upstream/fedora * Use freeIPA with SELinux on different distribution. * use freeIPA without SELinux on ubuntu (IIRC the default is Apparmor) LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
