Friday, August 15, 2008

Default httpd of Fedora doesn't work.

It's blocked by the SELinux bundled with Fedora 9. The error ticket is attached below.

The workaround is to build apache-2.2.9 and install it into /opt. The source is in /home/koifans/ws.

The problem is that although startup looks OK, it reports an error when checking the status with the command "/opt/bin/apachectl status". The error message is:
[root@gateway init.d]# /opt/bin/apachectl status
Not Found

The requested URL /server-status was not found on this server.

Need to check it out sometime later.

The following is the SELinux ticket:
Summary:

SELinux is preventing the httpd from using potentially mislabeled files
./mod_fcgid (var_run_t).

Detailed Description:

SELinux has denied the httpd access to potentially mislabeled files ./mod_fcgid.
This means that SELinux will not allow httpd to use these files. Many third
party apps install html files in directories that SELinux policy cannot predict.
These directories have to be labeled with a file context which httpd can access.

Allowing Access:

If you want to change the file context of ./mod_fcgid so that the httpd daemon
can access it, you need to execute it using chcon -t httpd_sys_content_t
'./mod_fcgid'. You can look at the httpd_selinux man page for additional
information.

Additional Information:

Source Context unconfined_u:system_r:httpd_t:s0
Target Context system_u:object_r:var_run_t:s0
Target Objects ./mod_fcgid [ dir ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host gateway
Source RPM Packages httpd-2.2.8-3
Target RPM Packages
Policy RPM selinux-policy-3.3.1-42.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name httpd_bad_labels
Host Name gateway
Platform Linux gateway 2.6.25-14.fc9.i686 #1 SMP Thu May 1
06:28:41 EDT 2008 i686 athlon
Alert Count 4
First Seen Tue 12 Aug 2008 01:22:16 AM PDT
Last Seen Thu 14 Aug 2008 11:53:52 PM PDT
Local ID a35aa3b3-a816-47db-ab81-75184dd9ff04
Line Numbers

Raw Audit Messages

host=gateway type=AVC msg=audit(1218783232.117:38): avc: denied { setattr } for pid=5406 comm="httpd" name="mod_fcgid" dev=sda1 ino=172901 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir

host=gateway type=SYSCALL msg=audit(1218783232.117:38): arch=40000003 syscall=212 success=no exit=-13 a0=b8910d80 a1=63 a2=ffffffff a3=63 items=0 ppid=1 pid=5406 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
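
The two raw audit records above share the event serial 38, so they describe one denied operation. The following is an added example, not part of the original post, that parses both lines and joins them into a single finding; the function names are this example's own, and the mapping of syscall 212 to chown32 comes from the i386 syscall table (arch=40000003).

```python
import errno
import re

# The two raw audit records from the ticket above, copied verbatim.
RAW = [
    'host=gateway type=AVC msg=audit(1218783232.117:38): avc: denied { setattr } for pid=5406 comm="httpd" name="mod_fcgid" dev=sda1 ino=172901 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir',
    'host=gateway type=SYSCALL msg=audit(1218783232.117:38): arch=40000003 syscall=212 success=no exit=-13 a0=b8910d80 a1=63 a2=ffffffff a3=63 items=0 ppid=1 pid=5406 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)',
]

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# i386 (arch=40000003) syscall numbers; only the one needed here.
I386_SYSCALLS = {212: 'chown32'}


def parse_record(line):
    """Split one audit line into (type, event serial, field dict)."""
    m = HEADER.search(line)
    if not m:
        raise ValueError('not an audit record: %r' % line[:40])
    fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
    p = PERMS.search(line)
    if p:
        fields['result'] = p.group(1)
        fields['perms'] = p.group(2).split()
    return m.group(1), m.group(3), fields


def summarize(lines):
    """Join AVC and SYSCALL records sharing an event serial into one finding."""
    events = {}
    for line in lines:
        rtype, serial, fields = parse_record(line)
        events.setdefault(serial, {})[rtype] = fields
    out = []
    for serial, recs in events.items():
        avc, sc = recs.get('AVC'), recs.get('SYSCALL', {})
        if not avc:
            continue
        out.append({
            'serial': serial, 'perms': avc['perms'], 'tclass': avc['tclass'],
            'source_type': avc['scontext'].split(':')[2],
            'target_type': avc['tcontext'].split(':')[2],
            'name': avc['name'], 'exe': sc.get('exe'),
            'syscall': I386_SYSCALLS.get(int(sc.get('syscall', -1))),
            'errno': errno.errorcode.get(-int(sc.get('exit', 0))),
        })
    return out
```

Calling summarize(RAW) yields one finding: /usr/sbin/httpd running as httpd_t was denied setattr on the var_run_t directory mod_fcgid, through a chown32 call that failed with EACCES, which is the labeling mismatch the ticket describes.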
