Is SELinux to blame?
# systemctl status ipa-ods-exporter.socket systemd[1]: ipa-ods-exporter.socket: Failed to listen on sockets: Permission denied systemd[1]: Failed to listen on ipa-ods-exporter.socket. # tail -n 0 -f /var/log/audit/audit.log # systemctl start ipa-ods-exporter.socket type=AVC msg=audit(1462278071.358:11885): avc: denied { create } for pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=0
In permissive mode we get a bit further:
type=USER_AVC msg=audit(1462278193.008:11889): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' type=AVC msg=audit(1462278193.010:11890): avc: denied { create } for pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=1 type=AVC msg=audit(1462278193.010:11891): avc: denied { setopt } for pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=1 type=AVC msg=audit(1462278193.012:11892): avc: denied { bind } for pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=1 type=AVC msg=audit(1462278193.012:11893): avc: denied { listen } for pid=1 comm="systemd" path="/run/opendnssec/engine.sock" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=1
More investigation is needed.
Probably related issue https://bugzilla.redhat.com/show_bug.cgi?id=1333106
Fixed in selinux-policy: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f85aa7dd6b
It seems that we have regressed: https://bugzilla.redhat.com/show_bug.cgi?id=1366640
Metadata Update from @pspacek: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.3.2
Login to comment on this ticket.