| Summary: | Server fails to start on some custom document root | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Arnaud Lacombe <lacombar> |
| Component: | lighttpd | Assignee: | Matthias Saou <matthias> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 14 | CC: | lacombar, matthias |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-02-04 08:41:43 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
This is actually an Selinux issue, from the dmesg log:
[1080126.215214] type=1400 audit(1296804893.151:28989): avc: denied { getattr } for pid=17292 comm="lighttpd" path="/foo/www" dev=sda4 ino=24643174 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir
I'm not really sure how to make it work as I want, though...
chcon -R -h -t httpd_sys_content_t /foo/www did the job. |
Description of problem: When started with a custom "server.document-root", lighttpd refuses to start: 2011-02-04 01:22:59: (configfile.c.1210) base-docroot doesn't exist: /bla 2011-02-04 01:22:59: (server.c.613) setting default values failed On the two following directory: drwxrwxr-x. 32 root wheel 4096 Feb 4 00:49 /foo drwxrwxr-x. 2 root wheel 4096 Feb 4 01:35 /bar lighttpd fails to start on "/foo" (which is a mount point for a volume) but works on "/bar". It also fails to start with the document root pointing to my home directory, but succeed to another newly created directory in /home, with a different name, but _same_ permission. Version-Release number of selected component (if applicable): 1.4.26-2.fc14 How reproducible: ever. Steps to Reproduce: 1. install lighttpd 2. change document root 3. restart Actual results: 2011-02-04 01:22:59: (configfile.c.1210) base-docroot doesn't exist: /foo/www 2011-02-04 01:22:59: (server.c.613) setting default values failed Expected results: it should start normally, permission seems correct (see below) Additional info: Running lighttpd as root, on a command line: /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf works fine with the same root directory the script refused to start on. It would seem that when run from the startup script, lighttpd gets a permission denied. If I wrap /usr/sbin/lighttpd in a shell script, starting an interactive sub-shell, and running the above command is strace results in the following: stat("/foo/www", 0x7fff408e4a80) = -1 EACCES (Permission denied) Copying the startup script from /etc/init.d/lighttpd to /etc/init.d/lighttpd.sh, without any modification make the startup succeed I am not sure to pin-point the source of the limitation.