Re: [Freeipa-users] Configuring httpd error when selinux ispermissive
Yes, the problem is solved after I added the httpd_run_ipa boolean to the selinux-policy on Ubuntu. Thank you! -- 祝: 工作顺利!生活愉快! -- 长沙研发中心 郑磊 电话:18684703229 邮箱:zheng...@kylinos.cn 公司:天津麒麟信息技术有限公司 地址:湖南长沙市开福区三一大道工美大厦十四楼 -- Original -- From: "Lukas Slebodnik"; Date: Tue, Nov 8, 2016 09:53 PM To: "郑磊"; Cc: "Umarzuki Mochlis"; "freeipa-users"; Subject: Re: [Freeipa-users] Configuring httpd error when selinux ispermissive On (08/11/16 16:57), 郑磊 wrote: >Command returns the result: >root@ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/setsebool -P >httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on >Cannot set persistent booleans without managed policy. > >root@ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/getsebool httpd_run_ipa >Error getting active value for httpd_run_ipa > Then it just mean that selinux-policy on ununtu does not contain such boolean. You have few options: * create your own SELinux rules * backport SELinux rules from upstream/fedora * Use freeIPA with SELinux on different distribution. * use freeIPA without SELinux on ubuntu (IIRC the default is Apparmor) LS-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Configuring httpd error when selinux ispermissive
I will try to your solutions. Thanks! -- 祝: 工作顺利!生活愉快! -- 长沙研发中心 郑磊 电话:18684703229 邮箱:zheng...@kylinos.cn 公司:天津麒麟信息技术有限公司 地址:湖南长沙市开福区三一大道工美大厦十四楼 -- Original -- From: "Lukas Slebodnik"; Date: Tue, Nov 8, 2016 09:53 PM To: "郑磊"; Cc: "Umarzuki Mochlis"; "freeipa-users"; Subject: Re: [Freeipa-users] Configuring httpd error when selinux ispermissive On (08/11/16 16:57), 郑磊 wrote: >Command returns the result: >root@ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/setsebool -P >httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on >Cannot set persistent booleans without managed policy. > >root@ipaserver:/tmp/freeipa-4.3.1# /usr/sbin/getsebool httpd_run_ipa >Error getting active value for httpd_run_ipa > Then it just mean that selinux-policy on ununtu does not contain such boolean. You have few options: * create your own SELinux rules * backport SELinux rules from upstream/fedora * Use freeIPA with SELinux on different distribution. * use freeIPA without SELinux on ubuntu (IIRC the default is Apparmor) LS-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
