Bug 829025 - Example config in mod_jk does not work / is non-standard
Summary: Example config in mod_jk does not work / is non-standard
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: RPMs
Version: 6.0.0
Hardware: Unspecified
OS: Linux
unspecified
low
Target Milestone: ER7
: EAP 6.2.0
Assignee: Permaine Cheung
QA Contact: Michal Karm Babacek
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-06-05 19:37 UTC by Risar
Modified: 2016-10-30 22:57 UTC (History)
8 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-12-15 16:19:30 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Risar 2012-06-05 19:37:12 UTC 
Description of problem:
mod_jk package by default includes an example configuration file (mod_jk.conf.sample) which specifies cache should be stored in /var/log. This is not ideal (use /var/cache ?) and does not work with a SELinux enforcing policy.

Version-Release number of selected component (if applicable):
RHEL 6.2 with mod_jk-ap20-1.2.31-1.1.2 

How reproducible:
Install the default package. 
No config file is supplied.
The example config file is supplied with improper/non-standard values.

Steps to Reproduce:
1. yum install mod_jk
2. cp /usr/share/doc/mod_jk-ap20-1.2.31/mod_jk.conf.sample /etc/httpd/conf.d/mod_jk.conf
3. service restart httpd
  
Actual results:
SELinux denials if default (enforcing) policy is set, cache is written to /var/log/httpd. 

Expected results:
SELinux labels/attributes are properly set on packaged content, cache is written to a non-log directory (eg /var/cache/mod_jk/ perhaps ?) and we deploy a working & tested example config. 

Additional info:
Example config fix:
-JkShmFile logs/jk.shm
+JkShmFile /var/cache/mod_jk/jk.shm

Deploy config as /etc/httpd/conf.d/mod_jk.conf
Label JkShmFile parent directory (/var/cache/mod_jk in example) as httpd_cache_t (?)
Comment 3 Rostislav Svoboda 2013-06-27 12:18:41 UTC 
QA Ack granted, really small change 

-JkShmFile logs/jk.shm
+JkShmFile /var/cache/mod_jk/jk.shm

@Risar I think SELinux is supported for EWS 2.x only, not aware of any promise for EAP 6.x
Comment 6 Rostislav Svoboda 2013-08-29 10:03:11 UTC 
Setting proper components and resetting owner and and contact
Comment 7 Permaine Cheung 2013-10-11 15:43:33 UTC 
John, do we support SELinux in EAP? If so, who is our contact?
We'll need some expertise to set up SELinux policy file besides changing that location of the file.
Comment 8 John Doyle 2013-10-14 14:37:58 UTC 
We have not created am SELinux policy for EAP.  Users are free to create a policy but they own the policy.  GSS can assist them with creation of the policy.  If we're going to change the default configuration, we should not do it in a minor release.
Comment 9 Mladen Turk 2013-10-16 13:56:23 UTC 
Few comments
1. mod_jk.conf.sample should stay as sample
2. I'm fine with changing default location for jk.shm file

Users usually use .sample conf as a base for their config, changing what they
think needs to be changed leaving everything else intact so enforcing a new default shm file location is probably a good thing.
Comment 10 Permaine Cheung 2013-10-16 14:09:59 UTC 
I'm going to update the setting for JkShmFile in the sample to /var/cache/mod_jk/jk.shm, and create the /var/cache/mod_jk in the rpm, but keeping the sample as it is, not deployed by default. This change will only be applied to RHEL RPMs as there's no SELinux on other platform.
Comment 11 Permaine Cheung 2013-10-16 18:03:39 UTC 
mod_jk-1.2.37-4.redhat_3.ep6.el5 and mod_jk-1.2.37-4.redhat_3.ep6.el6 are built, jboss-eap-native-webserver-connectors updated on RHEL as well.
Will be in ER7.
Comment 12 Permaine Cheung 2013-11-07 19:11:25 UTC 
Marking this as ON_QA as this is fixed in ER7.
Comment 13 Michal Karm Babacek 2013-11-12 14:00:02 UTC 
Cool in EAP 6.2.0.ER7 rpms :-)
Note You need to log in before you can comment on or make changes to this bug.