SELinux is preventing /usr/sbin/httpd from write access on the mod_jk files


Issue

  • SELinux is preventing /usr/sbin/httpd from write access on the mod_jk* files
  • The httpd service cannot create the mod_jk file.
    The complete SELinux denial is:
 SELinux is preventing /usr/sbin/httpd from write access on the file mod_jk.shm.20985.

 *****  Plugin catchall (100. confidence) suggests   **************************

 If you believe that httpd should be allowed write access on the mod_jk.shm.20985 file by default.
 Then you should report this as a bug.
 You can generate a local policy module to allow this access.
 Do
 allow this access for now by executing:
 # grep httpd /var/log/audit/audit.log | audit2allow -M mypol
 # semodule -i mypol.pp

 Additional Information:
 Source Context                system_u:system_r:httpd_t:s0
 Target Context                system_u:object_r:httpd_config_t:s0
 Target Objects                mod_jk.shm.20985 [ file ]
 Source                        httpd
 Source Path                   /usr/sbin/httpd
 Port                          <Unknown>
 Host                          localhost.localdomain
 Source RPM Packages           httpd-2.4.6-31.el7.x86_64
 Target RPM Packages           
 Policy RPM                    selinux-policy-3.13.1-23.el7.noarch
 Selinux Enabled               True
 Policy Type                   targeted
 Enforcing Mode                Enforcing
 Host Name                     localhost.localdomain
 Platform                      Linux localhost.localdomain
                              3.10.0-229.1.2.el7.x86_64 #1 SMP Fri Mar 6
                              17:12:08 EST 2015 x86_64 x86_64
 Alert Count                   4
 First Seen                    2015-05-21 13:21:45 PDT
 Last Seen                     2015-05-21 13:24:31 PDT
 Local ID                      5d55d97a-81d2-4cb6-8ff8-b521ebabb12b

 Raw Audit Messages
 type=AVC msg=audit(1432239871.385:17891): avc:  denied  { write } for  pid=20985 comm="httpd" name="mod_jk.shm.20985" dev="dm-0" ino=137231972  scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=file

 type=SYSCALL msg=audit(1432239871.385:17891): arch=x86_64 syscall=open success=no exit=EACCES a0=7f80cc8c7220 a1=242 a2=1b6 a3=0 items=0 ppid=1  pid=20985 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)

 Hash: httpd,httpd_t,httpd_config_t,file,write
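
Added example (not part of the Red Hat article): a small parser that reduces raw AVC records like the one above to the same comma-separated key shown on the "Hash:" line, so repeated mod_jk denials can be counted per source type, target type, class and permission. The function names are hypothetical; the first AVC record is copied from this page, the SYSCALL record is shortened from it, and the last record is constructed.

```python
import re
from collections import Counter

# First AVC record: copied from the denial on this page.
# SYSCALL record: shortened from the page. Last AVC record: constructed
# for this example to exercise a denial carrying two permissions.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1432239871.385:17891): avc:  denied  { write } for  pid=20985 comm="httpd" name="mod_jk.shm.20985" dev="dm-0" ino=137231972  scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=file
type=SYSCALL msg=audit(1432239871.385:17891): arch=x86_64 syscall=open success=no exit=EACCES comm=httpd exe=/usr/sbin/httpd
type=AVC msg=audit(1432239999.000:17900): avc:  denied  { read write } for  pid=20990 comm="httpd" name="mod_jk.shm.20990" dev="dm-0" ino=137231980  scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=file
'''

AVC_RE = re.compile(r'^type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    # An SELinux context is user:role:type:level; the type is the third field.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def summarize(log_text):
    """Count denials per comm,source type,target type,class,permission key."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue  # SYSCALL and other record types carry no AVC decision
        for perm in rec['perms']:
            key = ','.join((rec['comm'], rec['source_type'], rec['target_type'], rec['tclass'], perm))
            counts[key] += 1
    return counts


if __name__ == '__main__':
    for key, n in sorted(summarize(SAMPLE_AUDIT_LOG).items()):
        print(f'{n:3d}  {key}')
```
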

Environment

  • Red Hat Enterprise Linux 7
  • httpd-2.4.6-31.el7.x86_64
  • selinux-policy-3.13.1-23.el7.noarch
