Bug 675073 - Server fails to start on some custom document root
Summary: Server fails to start on some custom document root
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: lighttpd
Version: 14
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Matthias Saou
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-02-04 07:21 UTC by Arnaud Lacombe
Modified: 2011-02-04 08:41 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-02-04 08:41:43 UTC
Type: ---


Description Arnaud Lacombe 2011-02-04 07:21:31 UTC
Description of problem:
When started with a custom "server.document-root", lighttpd refuses to start:

2011-02-04 01:22:59: (configfile.c.1210) base-docroot doesn't exist: /bla 
2011-02-04 01:22:59: (server.c.613) setting default values failed

On the following two directories:

drwxrwxr-x. 32 root wheel 4096 Feb  4 00:49 /foo

drwxrwxr-x. 2 root wheel 4096 Feb  4 01:35 /bar

lighttpd fails to start on "/foo" (which is a mount point for a volume) but works on "/bar". It also fails to start with the document root pointing to my home directory, but succeeds with another newly created directory in /home, with a different name, but the _same_ permissions.

Version-Release number of selected component (if applicable):
1.4.26-2.fc14

How reproducible:
ever.

Steps to Reproduce:
1. install lighttpd
2. change document root
3. restart
  
Actual results:
2011-02-04 01:22:59: (configfile.c.1210) base-docroot doesn't exist: /foo/www 
2011-02-04 01:22:59: (server.c.613) setting default values failed

Expected results:
It should start normally; permissions seem correct (see below).

Additional info:
Running lighttpd as root, on a command line:

/usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf

works fine with the same root directory the script refused to start on.

It would seem that when run from the startup script, lighttpd gets a permission denied. If I wrap /usr/sbin/lighttpd in a shell script, starting an interactive sub-shell, running the above command in strace results in the following:

stat("/foo/www", 0x7fff408e4a80)       = -1 EACCES (Permission denied)

Copying the startup script from /etc/init.d/lighttpd to /etc/init.d/lighttpd.sh, without any modification, makes the startup succeed.

I am not sure how to pinpoint the source of the limitation.

Comment 1 Arnaud Lacombe 2011-02-04 07:38:46 UTC
This is actually an SELinux issue, from the dmesg log:

[1080126.215214] type=1400 audit(1296804893.151:28989): avc:  denied  { getattr } for  pid=17292 comm="lighttpd" path="/foo/www" dev=sda4 ino=24643174 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir

I'm not really sure how to make it work as I want, though...

Comment 2 Arnaud Lacombe 2011-02-04 07:43:14 UTC
chcon -R -h -t httpd_sys_content_t /foo/www

did the job.
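
Added example, not part of the original report or of lighttpd: a small Python parser for the AVC record quoted in comment 1, showing which domain was denied which permission on which label. The function names and the default expected type (httpd_sys_content_t, taken from comment 2) are assumptions of this example.

```python
import re

# AVC record copied from comment 1 on this page.
AVC_LINE = ('[1080126.215214] type=1400 audit(1296804893.151:28989): avc:  denied  '
            '{ getattr } for  pid=17292 comm="lighttpd" path="/foo/www" dev=sda4 '
            'ino=24643174 scontext=unconfined_u:system_r:httpd_t:s0 '
            'tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir')
# lighttpd's own log line from the report; it carries no SELinux detail.
APP_LINE = "2011-02-04 01:22:59: (configfile.c.1210) base-docroot doesn't exist: /foo/www"

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the level itself may contain colons.
    for key in ('scontext', 'tcontext'):
        parts = rec.get(key, '').split(':', 3)
        rec[key + '_type'] = parts[2] if len(parts) >= 3 else None
    return rec


def httpd_label_denials(lines, content_type='httpd_sys_content_t'):
    """List (path, target type) for httpd_t denials on objects not labelled content_type."""
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        if rec['scontext_type'] == 'httpd_t' and rec['tcontext_type'] != content_type:
            hits.append((rec.get('path'), rec['tcontext_type']))
    return hits


if __name__ == '__main__':
    for path, label in httpd_label_denials([APP_LINE, AVC_LINE]):
        print(f'{path}: labelled {label}, expected httpd_sys_content_t')
```

A label set with chcon can be reverted by restorecon or a filesystem relabel; recording the rule with semanage fcontext makes it persistent.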
