Hi list,
I use a self-compiled apache-2.2.27 on a CentOS6.5 box.
I run into trouble with the apachectl command. If I try to stop apache with 'apachectl stop' it complains:
(13)Permission denied: Error retrieving pid file run/httpd.pid
Remove it before continuing if it is corrupted.
Audit logs show the problem:
type=AVC msg=audit(1404897126.819:7069): avc: denied { read } for pid=23031 comm="httpd" name="httpd.pid" dev=dm-0 ino=529958 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1404897126.819:7069): arch=c000003e syscall=2 success=no exit=-13 a0=7ff99e37eff0 a1=80000 a2=1b6 a3=1 items=0 ppid=23029 pid=23031 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
BTW, stopping apache with 'httpd -k stop' works fine.
[root@centos1 conf]# ls -lZ /usr/sbin/apachectl
-rwxr-xr-x. root root system_u:object_r:initrc_exec_t:s0 /usr/sbin/apachectl
[root@centos1 conf]#
[root@centos1 conf]# ls -lZ /usr/sbin/httpd
-rwxr-xr-x. root root system_u:object_r:httpd_exec_t:s0 /usr/sbin/httpd
[root@centos1 conf]#
[root@centos1 audit]# ps -efZ | grep -i apachectl
unconfined_u:system_r:initrc_t:s0 root 23066 2412 0 11:20 pts/0 00:00:00 /bin/sh /usr/sbin/apachectl
[root@centos1 audit]# ls -lZ httpd.pid
-rw-r--r--. root root unconfined_u:object_r:var_run_t:s0 httpd.pid
How can I fix it?
Been away from selinux for a very long time. But will changing the context of apachectl to httpd_exec_t help?
Regards,
Kurian.
On 07/09/2014 05:13 PM, Konopka.Andre wrote:
> How can I fix it?
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Looks like the httpd.pid file is mislabeled?
matchpathcon /run/httpd.pid
/run/httpd.pid system_u:object_r:httpd_var_run_t:s0
Was this file created without running through a service script?
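
The comparison made in the reply above, as an added example that is not part of the original thread: it parses the posted AVC record, including the case where AVC and SYSCALL records are run together on one line, and checks the denied file's type against the default that matchpathcon reports. The function and constant names are illustrative.

```python
import os
import re

# Audit text as posted in the thread; the SYSCALL record is shortened here.
AUDIT_TEXT = (
    'type=AVC msg=audit(1404897126.819:7069): avc: denied { read } for '
    'pid=23031 comm="httpd" name="httpd.pid" dev=dm-0 ino=529958 '
    'scontext=unconfined_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file '
    'type=SYSCALL msg=audit(1404897126.819:7069): arch=c000003e syscall=2 '
    'success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"')
# matchpathcon output quoted in the reply: "<path> <default context>".
MATCHPATHCON = '/run/httpd.pid system_u:object_r:httpd_var_run_t:s0'
RECORD = re.compile(r'type=\w+ msg=audit\(.*?(?=type=\w+ msg=audit\(|\Z)', re.S)
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_avc_denials(text):
    """Split audit text into records; return one dict per AVC denial."""
    denials = []
    for record in RECORD.findall(text):
        m = re.search(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)', record)
        if not m:
            continue  # SYSCALL and other record types carry no contexts
        fields = {'perms': m.group(1).split()}
        for key, quoted, bare in FIELD.findall(m.group(2)):
            fields[key] = quoted or bare
        denials.append(fields)
    return denials

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % context)
    return parts[2]

def find_mislabeled(text, matchpathcon_line):
    """List denials whose target type differs from the policy default."""
    path, expected = matchpathcon_line.split()
    findings = []
    for d in parse_avc_denials(text):
        # An AVC record holds only the file's basename, so match on that.
        if d.get('name') != os.path.basename(path):
            continue
        actual, default = selinux_type(d['tcontext']), selinux_type(expected)
        if actual != default:
            findings.append((selinux_type(d['scontext']), d['perms'], path, actual, default))
    return findings
print(find_mislabeled(AUDIT_TEXT, MATCHPATHCON))
```
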
No, file was created by the httpd process.
I compared all the files with a CentOS65 httpd-2.2.15-30.el6.centos.x86_64 installation and found no difference.
I have followed Kurian's advice and changed the context of apachectl to httpd_exec_t. That solved my problem.
Thank you