Description of problem:
After a certain sequence of test cases, I'm not able to start httpd.

Version-Release number of selected component (if applicable):
httpd24-httpd-2.4.34-6.el7.x86_64
httpd24-mod_md-2.4.34-6.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. run httpd/mod_authn_anon/smoke
2. run httpd/Regression/bz1299889-create-apache-user-when-group-exists
3. run httpd/mod_authz_user/smoke

Actual results:
unable to start httpd with the following error:

[ ERROR ] AVC check: FAIL
----
type=PROCTITLE msg=audit(11/06/2018 05:00:28.874:1033) : proctitle=/opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
type=SYSCALL msg=audit(11/06/2018 05:00:28.874:1033) : arch=x86_64 syscall=chown success=no exit=EACCES(Permission denied) a0=0x5568a6db4018 a1=apache a2=unset a3=0x7ffe990ffce0 items=0 ppid=1 pid=21225 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=httpd exe=/opt/rh/httpd24/root/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(11/06/2018 05:00:28.874:1033) : avc: denied { setattr } for pid=21225 comm=httpd name=challenges dev="vda1" ino=37750190 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=0

error_log:
[Tue Nov 06 04:27:59.637440 2018] [core:notice] [pid 12090] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Nov 06 04:27:59.638040 2018] [:error] [pid 12090] (13)Permission denied: AH10082: Can't change owner of /opt/rh/httpd24/root/etc/httpd/state/md/challenges
[Tue Nov 06 04:27:59.638050 2018] [md:error] [pid 12090] (13)Permission denied: AH10047: setup challenges directory, call check_group_dir(*pstore, MD_SG_CHALLENGES, p, s)
[Tue Nov 06 04:27:59.638053 2018] [md:error] [pid 12090] (13)Permission denied: AH10072: setup md registry
AH00016: Configuration Failed

Expected results:
it works

Additional info:
I believe this is related to mod_md.

The scl ownership test is also failing:

:: [ 16:36:23 ] :: [ FAIL ] :: All files in /opt/rh/httpd24 owned by that collection
:: [ 16:36:23 ] :: [ LOG ] :: Files in the question:
:: [ 16:36:23 ] :: [ LOG ] :: /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.old
:: [ 16:36:23 ] :: [ LOG ] :: /opt/rh/httpd24/root/etc/httpd/conf.modules.d/01-md.conf
:: [ 16:36:23 ] :: [ LOG ] :: /opt/rh/httpd24/root/etc/httpd/conf.modules.d/10-python27-wsgi.conf.bak
:: [ 16:36:23 ] :: [ LOG ] :: /opt/rh/httpd24/root/usr/share/doc/httpd24-mod_auth_mellon
:: [ 16:36:23 ] :: [ LOG ] :: /opt/rh/httpd24/root/var/lib/httpd/md
:: [ 16:36:23 ] :: [ LOG ] :: /opt/rh/httpd24/root/var/lib/httpd/md/accounts
:: [ 16:36:23 ] :: [ LOG ] :: /opt/rh/httpd24/root/var/lib/httpd/md/challenges
:: [ 16:36:23 ] :: [ LOG ] :: /opt/rh/httpd24/root/var/lib/httpd/md/httpd.json
:: [ 16:36:23 ] :: [ LOG ] :: /opt/rh/httpd24/root/var/lib/httpd/md/md_store.json
:: [ 16:36:23 ] :: [ LOG ] :: /opt/rh/httpd24/root/var/lib/httpd/md/staging

Verified on httpd24-httpd-2.4.34-7.el7
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3558