SELinux is preventing /usr/sbin/httpd from write access on the mod_jk files
Issue
- SELinux is preventing
/usr/sbin/httpd
from write access on themod_jk*
files - The
httpd
service cannot create themod_jk
file.
The completeSELinux
denial is:
SELinux is preventing /usr/sbin/httpd from write access on the file mod_jk.shm.20985.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that httpd should be allowed write access on the mod_jk.shm.20985 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:httpd_config_t:s0
Target Objects mod_jk.shm.20985 [ file ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages httpd-2.4.6-31.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-23.el7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain
3.10.0-229.1.2.el7.x86_64 #1 SMP Fri Mar 6
17:12:08 EST 2015 x86_64 x86_64
Alert Count 4
First Seen 2015-05-21 13:21:45 PDT
Last Seen 2015-05-21 13:24:31 PDT
Local ID 5d55d97a-81d2-4cb6-8ff8-b521ebabb12b
Raw Audit Messages
type=AVC msg=audit(1432239871.385:17891): avc: denied { write } for pid=20985 comm="httpd" name="mod_jk.shm.20985" dev="dm-0" ino=137231972 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=file
type=SYSCALL msg=audit(1432239871.385:17891): arch=x86_64 syscall=open success=no exit=EACCES a0=7f80cc8c7220 a1=242 a2=1b6 a3=0 items=0 ppid=1 pid=20985 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
Hash: httpd,httpd_t,httpd_config_t,file,write
Environment
- Red Hat Enterprise Linux 7
- httpd-2.4.6-31.el7.x86_64
- selinux-policy-3.13.1-23.el7.noarch
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.