Bug 493383
| Summary: | lighttpd fails to start in CentOS 5.3 due to selinux-policy | ||
|---|---|---|---|
| Product: | [Fedora] Fedora EPEL | Reporter: | Matt Bailey <mbailey> |
| Component: | lighttpd | Assignee: | Matthias Saou <matthias> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | el5 | CC: | blackmagic, matthias, noa |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-04-09 17:52:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Quick fix is obviously to edit the selinux policy or disable selinux, which is obviously not recommended. Creating the socket in /tmp/ is a bad idea. This might have been the default in the included example a while back, but the current one is now : "socket" => "/var/run/lighttpd/php-fastcgi.socket", Please update to have the socket being used under /var/run/lighttpd/ and everything should work fine. (please reopen if I'm wrong and it still doesn't work) |
Description of problem: After upgrading CentOS to 5.3, the EPEL lighttpd package is now denied access to create php fcgi sockets in /tmp Version-Release number of selected component (if applicable): 1.4.20-6.el5 How reproducible: Tested on the only box I have running lighttpd Steps to Reproduce: 1. Upgrade from centos 5.2 to 5.3 2. Try to start lighttpd (/etc/init.d/lighttpd start) Actual results: lighttpd fails to start Expected results: lighttpd should start Additional info: Log files: --- lighttpd error log: 2009-04-01 15:28:21: (log.c.97) server started 2009-04-01 15:28:21: (mod_fastcgi.c.924) bind failed for: unix:/tmp/php.socket-0 Permission denied 2009-04-01 15:28:21: (mod_fastcgi.c.1365) [ERROR]: spawning fcgi failed. 2009-04-01 15:28:21: (server.c.902) Configuration of plugins failed. Going down. --- SELinux audit.log: type=AVC msg=audit(1238599701.882:34): avc: denied { create } for pid=2191 comm="lighttpd" name="php.socket-0" scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1238599701.882:34): arch=c000003e syscall=49 success=no exit=-13 a0=5 a1=7fffc3b6cf80 a2=13 a3=7fffc3b6cf78 items=0 ppid=2190 pid=2191 auid=1001 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) ses=2 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=user_u:system_r:httpd_t:s0 key=(null)