Bug 493383 - lighttpd fails to start in CentOS 5.3 due to selinux-policy
lighttpd fails to start in CentOS 5.3 due to selinux-policy
Status: CLOSED NOTABUG
Product: Fedora EPEL
Classification: Fedora
Component: lighttpd (Show other bugs)
el5
All Linux
low Severity high
: ---
: ---
Assigned To: Matthias Saou
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-01 11:55 EDT by Matt Bailey
Modified: 2009-04-09 13:52 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-09 13:52:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matt Bailey 2009-04-01 11:55:40 EDT
Description of problem:
After upgrading CentOS to 5.3, the EPEL lighttpd package is now denied access to create php fcgi sockets in /tmp

Version-Release number of selected component (if applicable):
1.4.20-6.el5

How reproducible:
Tested on the only box I have running lighttpd

Steps to Reproduce:
1. Upgrade from centos 5.2 to 5.3
2. Try to start lighttpd (/etc/init.d/lighttpd start)
  
Actual results:
lighttpd fails to start

Expected results:
lighttpd should start

Additional info:
Log files:
--- lighttpd error log:
2009-04-01 15:28:21: (log.c.97) server started 
2009-04-01 15:28:21: (mod_fastcgi.c.924) bind failed for: unix:/tmp/php.socket-0 Permission denied 
2009-04-01 15:28:21: (mod_fastcgi.c.1365) [ERROR]: spawning fcgi failed. 
2009-04-01 15:28:21: (server.c.902) Configuration of plugins failed. Going down.

--- SELinux audit.log:
type=AVC msg=audit(1238599701.882:34): avc:  denied  { create } for  pid=2191 comm="lighttpd" name="php.socket-0" scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1238599701.882:34): arch=c000003e syscall=49 success=no exit=-13 a0=5 a1=7fffc3b6cf80 a2=13 a3=7fffc3b6cf78 items=0 ppid=2190 pid=2191 auid=1001 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) ses=2 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=user_u:system_r:httpd_t:s0 key=(null)
Comment 1 Matt Bailey 2009-04-01 11:56:47 EDT
Quick fix is obviously to edit the selinux policy or disable selinux, which is obviously not recommended.
Comment 2 Matthias Saou 2009-04-09 13:52:29 EDT
Creating the socket in /tmp/ is a bad idea. This might have been the default in the included example a while back, but the current one is now :
 "socket" => "/var/run/lighttpd/php-fastcgi.socket",

Please update to have the socket being used under /var/run/lighttpd/ and everything should work fine.

(please reopen if I'm wrong and it still doesn't work)

Note You need to log in before you can comment on or make changes to this bug.