Yes, the problem is solved after I added the httpd_run_ipa boolean to the 
selinux-policy on Ubuntu.

Thank you!





------------------
祝:
    工作顺利!生活愉快!
--------------------------
长沙研发中心 郑磊 
电话:18684703229
邮箱:zheng...@kylinos.cn
公司:天津麒麟信息技术有限公司
地址:湖南长沙市开福区三一大道工美大厦十四楼
 

 
 
 
------------------ Original ------------------
From:  "Lukas Slebodnik"<lsleb...@redhat.com>;
Date:  Tue, Nov 8, 2016 09:53 PM
To:  "郑磊"<zheng...@kylinos.cn>; 
Cc:  "Umarzuki Mochlis"<umarz...@gmail.com>; 
"freeipa-users"<freeipa-users@redhat.com>; 
Subject:  Re: [Freeipa-users] Configuring httpd error when selinux ispermissive

 
On (08/11/16 16:57), 郑磊 wrote:
>Command returns the result:
>root@ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/setsebool -P 
>httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on
>Cannot set persistent booleans without managed policy.
>
>root@ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/getsebool httpd_run_ipa
>Error getting active value for httpd_run_ipa
>
Then it just mean that selinux-policy on ununtu does not contain
such boolean.

You have few options:
* create your own SELinux rules
* backport SELinux rules from upstream/fedora
* Use freeIPA with SELinux on different distribution.
* use freeIPA without SELinux on ubuntu (IIRC the default is Apparmor)

LS
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to