Bug 199419
Summary: | "apachectl graceful" kills apache when selinux enabled | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tomasz Ostrowski <tometzky+redhat> | ||||
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | |||||
Severity: | urgent | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 5 | CC: | jorton | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Current | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2007-03-28 20:03:34 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Tomasz Ostrowski
2006-07-19 14:16:32 UTC
Why is this connection to the http port? Default selinux permissions on http are to not allow it to connect to other http boxes. Looks like apachectl is somehow connecting to the port and getting a denial and then exiting. Maybe checking to see if it is listeing? You can turn on httpd_can_network_relay boolean to allow httpd to connect to the httpd port. setsebool -P httpd_can_network_relay=1 But this is a work around. Tomasz, can you file a separate report against httpd and include a backtrace for the segfault? That is a separate issue. To get a backtrace add "CoreDumpDirectory /tmp" to httpd.conf, then run gdb on the core dump produced and enter "bt full" at the gdb prompt Created attachment 132690 [details]
strace of the apache parent process while "apachectl graceful"
I'm attaching a strace of the Apache parent while doing "apachectl graceful".
It does show that Apache segfaults (as logged in error_log).
(In reply to comment #3) > Tomasz, can you file a separate report against httpd and include a backtrace for > the segfault? Done. Filed a bug 199429. Fixed in selinux-policy-2.3.14-3 Closing bugs |