Re: [Freeipa-users] Saltstack and ipa-install on Centos7 failing

2015-03-17 Thread Martin Kosek
Looks like a bug, yes. I am just not sure whether in missing Saltstack SELinux module or the actual SELinux policy. You can try filing a bug to SELinux policy. Looking at SaltStack Troubleshooting guide, would switching to rpm_script_t help? http://docs.saltstack.com/en/latest/topics/troubleshoo

Re: [Freeipa-users] Saltstack and ipa-install on Centos7 failing

2015-03-16 Thread Andrew Holway
Hi, I think this is perhaps a bug? Thanks, Andrew On 13 March 2015 at 15:55, Andrew Holway wrote: > > > On 13 March 2015 at 15:33, Michael Lasevich wrote: > >> Is SELinux on? >> > Yes, > > ipa-server-install is running in the initrc_t domain but I guess its set > up to run unconfined > > > p

Re: [Freeipa-users] Saltstack and ipa-install on Centos7 failing

2015-03-13 Thread Andrew Holway
On 13 March 2015 at 15:33, Michael Lasevich wrote: > Is SELinux on? > Yes, ipa-server-install is running in the initrc_t domain but I guess its set up to run unconfined ps -Z with ipa-server-install run from salt-stack : system_u:system_r:init_t:s0 root 1568 0.0 1.4 231308 14652 ? Ss

Re: [Freeipa-users] Saltstack and ipa-install on Centos7 failing

2015-03-13 Thread Michael Lasevich
Is SELinux on? On Mar 13, 2015 7:46 AM, "Andrew Holway" wrote: > Hallo > > I have a quite odd situation. I am using saltstack to set up freeipa > servers on Centos 7 but I am getting the following error: > > failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent > --logfile - -f /tm

Re: [Freeipa-users] Saltstack and ipa-install on Centos7 failing

2015-03-13 Thread Andrew Holway
Old bug report - https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=959953 On 13 March 2015 at 15:24, Andrew Holway wrote: > Hi Dimitri > > type=AVC msg=audit(1426243559.181:623): avc: *denied* { create } for > pid=2740 comm="ns-slapd" name="imports" > scontext=system_u:system_r:dirsr

Re: [Freeipa-users] Saltstack and ipa-install on Centos7 failing

2015-03-13 Thread Andrew Holway
Hi Dimitri type=AVC msg=audit(1426243559.181:623): avc: *denied* { create } for pid=2740 comm="ns-slapd" name="imports" scontext=system_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir type=AVC msg=audit(1426243559.388:625): avc: *denied* { create } for pid=2754 comm

Re: [Freeipa-users] Saltstack and ipa-install on Centos7 failing

2015-03-13 Thread Dmitri Pal
On 03/13/2015 07:43 AM, Andrew Holway wrote: Hallo I have a quite odd situation. I am using saltstack to set up freeipa servers on Centos 7 but I am getting the following error: failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmp5