Bug 1573942 - nginx fails on start
Summary: nginx fails on start
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: nginx
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jamie Nguyen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 1574519 (view as bug list)
Depends On: 1558420
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-02 14:48 UTC by Luboš Uhliarik ✈
Modified: 2018-06-18 16:16 UTC (History)
13 users (show)

Fixed In Version: nginx-1.12.1-8.fc28
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1558420
Environment:
Last Closed: 2018-06-18 16:16:51 UTC


Attachments (Terms of Use)

Description Luboš Uhliarik ✈ 2018-05-02 14:48:19 UTC
Description of problem:
Permissions problems starting nginx (maybe SELinux?).

Version-Release number of selected component (if applicable):
nginx in F28

How reproducible:
always

Steps to Reproduce:
1. dnf install nginx
2. systemctl start nginx

Actual results:
fails

journalctl -r -u nginx

Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com systemd[1]: nginx.service: Failed with result 'exit-code'.
Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com systemd[1]: nginx.service: Control process exited, code=exited status=1
Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com nginx[1627]: nginx: configuration file /etc/nginx/nginx.conf test failed
Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com nginx[1627]: 2018/03/20 04:13:06 [emerg] 1627#0: mkdir() "/var/lib/nginx/tmp/client_body" failed (13: Permis
Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com nginx[1627]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com nginx[1627]: nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Per
Mar 20 04:13:06 qeos-5.lab.eng.rdu2.redhat.com systemd[1]: Starting The nginx HTTP and reverse proxy server...
Mar 20 04:13:03 qeos-5.lab.eng.rdu2.redhat.com systemd[1]: nginx.service: Unit cannot be reloaded because it is inactive.



Expected results:
works

Additional info:

ausearch says:

time->Tue Mar 20 04:13:06 2018
type=AVC msg=audit(1521533586.479:317): avc:  denied  { dac_override } for  pid=1627 comm="nginx" capability=1  scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability permissive=0
----
time->Tue Mar 20 04:13:06 2018
type=AVC msg=audit(1521533586.519:318): avc:  denied  { dac_override } for  pid=1627 comm="nginx" capability=1  scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability permissive=0

Comment 1 Luboš Uhliarik ✈ 2018-05-02 15:09:20 UTC
*** Bug 1567768 has been marked as a duplicate of this bug. ***

Comment 2 Luboš Uhliarik ✈ 2018-05-03 13:31:16 UTC
*** Bug 1574519 has been marked as a duplicate of this bug. ***

Comment 3 Carl Bennett 2018-05-07 20:18:52 UTC
Nginx will not start while SELinux is in enforcing mode on a new Fedora 28 installation.

For those looking for a quick band-aid to the issue, temporarily set SELinux to permissive mode, start Nginx, then set SELinux back to enforcing mode. This will let Nginx start and let's it open write access to its log files. I'm unsure what happens when the logs are rotated with SELinux enforcing, ymmv.

Glad to see this issue is now opened to the public. Hoping for a fix on this by the end of the week!

Comment 4 Joe Orton 2018-05-08 07:45:37 UTC
Fix in -testing for this:

https://bodhi.fedoraproject.org/updates/FEDORA-2018-afe81d2db1

Comment 5 Fedora Update System 2018-05-14 13:45:38 UTC
nginx-1.12.1-8.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-6666e4cf06

Comment 6 Fedora Update System 2018-05-14 20:39:58 UTC
nginx-1.12.1-8.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6666e4cf06

Comment 7 Fedora Update System 2018-06-18 16:16:51 UTC
nginx-1.12.1-8.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.