Description of problem:
After upgrading CentOS to 5.3, the EPEL lighttpd package is now denied access to create php fcgi sockets in /tmp

Version-Release number of selected component (if applicable):
1.4.20-6.el5

How reproducible:
Tested on the only box I have running lighttpd

Steps to Reproduce:
1. Upgrade from centos 5.2 to 5.3
2. Try to start lighttpd (/etc/init.d/lighttpd start)

Actual results:
lighttpd fails to start

Expected results:
lighttpd should start

Additional info:
Log files:

--- lighttpd error log:
2009-04-01 15:28:21: (log.c.97) server started
2009-04-01 15:28:21: (mod_fastcgi.c.924) bind failed for: unix:/tmp/php.socket-0 Permission denied
2009-04-01 15:28:21: (mod_fastcgi.c.1365) [ERROR]: spawning fcgi failed.
2009-04-01 15:28:21: (server.c.902) Configuration of plugins failed. Going down.

--- SELinux audit.log:
type=AVC msg=audit(1238599701.882:34): avc: denied { create } for pid=2191 comm="lighttpd" name="php.socket-0" scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1238599701.882:34): arch=c000003e syscall=49 success=no exit=-13 a0=5 a1=7fffc3b6cf80 a2=13 a3=7fffc3b6cf78 items=0 ppid=2190 pid=2191 auid=1001 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) ses=2 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=user_u:system_r:httpd_t:s0 key=(null)
Quick fix is obviously to edit the selinux policy or disable selinux, which is obviously not recommended.
Creating the socket in /tmp/ is a bad idea. This might have been the default in the included example a while back, but the current one is now:

"socket" => "/var/run/lighttpd/php-fastcgi.socket",

Please update to have the socket being used under /var/run/lighttpd/ and everything should work fine. (please reopen if I'm wrong and it still doesn't work)
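Reading the report's two audit records together, as an added example that is not part of the original thread: the AVC and SYSCALL records carry the same event serial (34), so merging them shows which domain was refused which permission on which type, and which syscall failed with which errno. The function names and the one-entry syscall table are this example's own assumptions; only the x86_64 mapping 49 = bind is included.

```python
import errno
import re

# Records copied from the report's audit.log; both belong to event serial 34.
AUDIT_LOG = """type=AVC msg=audit(1238599701.882:34): avc: denied { create } for pid=2191 comm="lighttpd" name="php.socket-0" scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1238599701.882:34): arch=c000003e syscall=49 success=no exit=-13 a0=5 a1=7fffc3b6cf80 a2=13 a3=7fffc3b6cf78 items=0 ppid=2190 pid=2191 auid=1001 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) ses=2 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=user_u:system_r:httpd_t:s0 key=(null)
"""

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)')
PERMS = re.compile(r'\{\s*([^}]*?)\s*\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Syscall numbers are per-architecture; only the one seen in this report is listed.
X86_64_SYSCALLS = {49: "bind"}

def parse_events(text):
    """Group audit records by event serial, one dict of fields per record type."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, _timestamp, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            fields["perms"] = PERMS.search(body).group(1).split()
        events.setdefault(int(serial), {})[rtype] = fields
    return events

def explain(event):
    """Summarise one denial: who was refused what, and how the syscall failed."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    # A context is user:role:type:level; the type field is what policy rules match.
    out = {
        "source_type": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "class": avc["tclass"],
        "perms": avc["perms"],
        "name": avc["name"],
        "exe": sc.get("exe"),
    }
    if sc.get("arch") == "c000003e":  # AUDIT_ARCH_X86_64
        out["syscall"] = X86_64_SYSCALLS.get(int(sc["syscall"]), sc["syscall"])
    if int(sc.get("exit", "0")) < 0:
        out["errno"] = errno.errorcode.get(-int(sc["exit"]))
    return out

if __name__ == "__main__":
    print(explain(parse_events(AUDIT_LOG)[34]))
```

The merged result lines up with the lighttpd error log: the failed call is bind() returning EACCES, refused because the httpd_t domain may not create a sock_file in a directory labelled tmp_t.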