Reproducible: 100%
Steps to reproduce: 1. Have selinux enabled 2. run ipa-server-install
Expected result: The certificate and key files for PKINIT get installed
Actual result: Error message is shown: ipa : ERROR Failed to initiate the request: org.fedorahosted.certmonger.bad_arg: The parent of location "/var/kerberos/krb5kdc/kdc.crt" could not be accessed due to insufficient permissions.
ipa : ERROR Failed to initiate the request: org.fedorahosted.certmonger.bad_arg: The parent of location "/var/kerberos/krb5kdc/kdc.crt" could not be accessed due to insufficient permissions.
@slaz, could you file a bz for RHEL and Fedora with related SELinux AVCs ?
Sure, I'll do it.
The respective Bugzillas:[[BR]] Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1417843 [[BR]] RHEL 7: https://bugzilla.redhat.com/show_bug.cgi?id=1417846
Metadata Update from @stlaz: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5
Metadata Update from @mbasti: - Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)
Metadata Update from @mbasti: - Issue assigned to mbasti
RHEL 7: https://bugzilla.redhat.com/show_bug.cgi?id=1439136
Metadata Update from @mbasti: - Issue set to the milestone: FreeIPA 4.5.2 (was: FreeIPA 4.5.1)
FreeIPA 4.5.1 has been released, moving to FreeIPA 4.5.2 milestone
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.5.3 (was: FreeIPA 4.5.2)
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.5.4 (was: FreeIPA 4.5.3)
Metadata Update from @mbasti: - Assignee reset
Metadata Update from @pvoborni: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.