libreport version: 2.0.8 executable: /usr/bin/python2.7 hashmarkername: setroubleshoot kernel: 3.3.4-3.fc16.x86_64 reason: SELinux is preventing /usr/sbin/lighttpd from 'create' accesses on the sock_file php-fastcgi-1.socket-0. time: Di 15 Mai 2012 10:17:05 CEST description: :SELinux is preventing /usr/sbin/lighttpd from 'create' accesses on the sock_file php-fastcgi-1.socket-0. : :***** Plugin catchall_labels (83.8 confidence) suggests ******************** : :If sie wollen dem lighttpd den Zugriff create auf php-fastcgi-1.socket-0 sock_file erlauben :Then you need to change the label on php-fastcgi-1.socket-0 :Do :# semanage fcontext -a -t FILE_TYPE 'php-fastcgi-1.socket-0' :where FILE_TYPE is one of the following: httpd_tmp_t, httpd_tmpfs_t, dirsrv_var_run_t, httpd_var_run_t, systemd_passwd_var_run_t, passenger_var_run_t. :Then execute: :restorecon -v 'php-fastcgi-1.socket-0' : : :***** Plugin catchall (17.1 confidence) suggests *************************** : :If you believe that lighttpd should be allowed create access on the php-fastcgi-1.socket-0 sock_file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep lighttpd /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:httpd_t:s0 :Target Context system_u:object_r:var_lib_t:s0 :Target Objects php-fastcgi-1.socket-0 [ sock_file ] :Source lighttpd :Source Path /usr/sbin/lighttpd :Port <Unbekannt> :Host (removed) :Source RPM Packages lighttpd-1.4.28-3.fc16.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-84.fc16.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) : 3.3.4-3.fc16.x86_64 #1 SMP Thu May 3 14:46:44 UTC : 2012 x86_64 x86_64 :Alert Count 1 :First Seen Di 15 Mai 2012 10:14:15 CEST :Last Seen Di 15 Mai 2012 10:14:15 CEST :Local ID 736c1397-f2df-4a33-9bb6-b15b3a7fbeca : :Raw Audit Messages :type=AVC msg=audit(1337069655.264:213): avc: denied { create } for pid=1890 comm="lighttpd" name="php-fastcgi-1.socket-0" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file : : :type=SYSCALL msg=audit(1337069655.264:213): arch=x86_64 syscall=bind success=no exit=EACCES a0=5 a1=7fffbb47bd70 a2=32 a3=7fffbb47bd6c items=0 ppid=1 pid=1890 auid=4294967295 uid=992 gid=989 euid=992 suid=992 fsuid=992 egid=989 sgid=989 fsgid=989 tty=(none) ses=4294967295 comm=lighttpd exe=/usr/sbin/lighttpd subj=system_u:system_r:httpd_t:s0 key=(null) : :Hash: lighttpd,httpd_t,var_lib_t,sock_file,create : :audit2allow : :#============= httpd_t ============== :allow httpd_t var_lib_t:sock_file create; : :audit2allow -R : :#============= httpd_t ============== :allow httpd_t var_lib_t:sock_file create; :
What directory is it attempting to create this socket in?
It's /var/lib/lighttpd/sockets # ls -lZ /var/lib/lighttpd/sockets/php-fastcgi-* srwxr-xr-x. lighttpd lighttpd system_u:object_r:var_lib_t:s0 /var/lib/lighttpd/sockets/php-fastcgi-1.socket-0 srwxr-xr-x. lighttpd lighttpd system_u:object_r:var_lib_t:s0 /var/lib/lighttpd/sockets/php-fastcgi-2.socket-0 # ls -ldZ /var/lib/lighttpd/sockets drwxrwxrwx. lighttpd lighttpd unconfined_u:object_r:var_lib_t:s0 /var/lib/lighttpd/sockets
Execute # chcon -R -t httpd_var_lib_t /var/lib/lighttpd Also what does # rpm -qf /var/lib/lighttpd
# LANG=C rpm -qf /var/lib/lighttpd file /var/lib/lighttpd is not owned by any package But /etc/lighttpd/lighttpd.conf says: var.home_dir = "/var/lib/lighttpd" which is the default as shipped by fedora.
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.
Just a note if some one stumbles upon this: # chcon -R -t httpd_var_run_t /var/lib/lighttpd worked for me.