Monday, May 16, 2016

Kernel Policy Modules

After installing Lighttpd, we kept getting an error:

Lighttpd doesn't start - selinux

Lighttpd doesn't start due to a conflict with file descriptors:

Issue
# /etc/init.d/lighttpd restart
Stopping lighttpd:                                         [FAILED]
Starting lighttpd: 2012-06-03 00:57:12: (server.c.722) couldn't set 'max filedescriptors' Permission denied
                                                           [FAILED]

The process is started as user lighttpd and has no permission to set its file descriptor limit, which is the essence of the problem.

The fix for this is to install the SELinux utilities.

Solution:

Install SE utils:

# yum install policycoreutils-python

Create an SELinux module to allow lighttpd to set its own open file descriptors limit:

# /usr/sbin/semodule -DB
# /etc/init.d/auditd restart
Stopping auditd:                                           [  OK  ]
Starting auditd:                                           [  OK  ]
# grep lighttpd /var/log/audit/audit.log | audit2allow -M lighttpdmaxfds
# /usr/sbin/semodule -i lighttpdmaxfds.pp
# /etc/init.d/lighttpd restart
Stopping lighttpd:                                         [FAILED]
Starting lighttpd:                                         [  OK  ]
# /usr/sbin/semodule -B
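
The module built above allows everything that was denied on any audit line containing "lighttpd", collected while dontaudit rules were switched off by semodule -DB. The sketch below is an added example, not code from the original post: it derives audit2allow-style rules from constructed log lines to compare that broad filter with one limited to the setrlimit denial. The SELinux types shown (httpd_t, initrc_t, logrotate_t, httpd_log_t) are assumptions about a typical targeted policy.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the post). The SELinux types are
# assumptions; the first line is the kind of denial behind the startup error.
SAMPLE_LOG = """\
type=AVC msg=audit(1338681432.101:201): avc:  denied  { setrlimit } for  pid=2101 comm="lighttpd" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_t:s0 tclass=process
type=AVC msg=audit(1338681432.099:200): avc:  denied  { rlimitinh siginh noatsecure } for  pid=2101 comm="lighttpd" scontext=unconfined_u:system_r:initrc_t:s0 tcontext=unconfined_u:system_r:httpd_t:s0 tclass=process
type=AVC msg=audit(1338681500.400:215): avc:  denied  { read } for  pid=2150 comm="logrotate" name="lighttpd" dev=dm-0 ino=1234 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=dir
"""

# Pull permissions, command name, source/target types and class from an AVC record.
AVC = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for .*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=[^:]+:[^:]+:(?P<src>[^:\s]+)\S*\s+'
    r'tcontext=[^:]+:[^:]+:(?P<tgt>[^:\s]+)\S*\s+tclass=(?P<cls>\w+)')


def proposed_rules(log_text, keep):
    """Return the allow rules implied by the AVC denials that `keep` selects."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC.search(line)
        if m and keep(line, m):
            # A domain acting on itself is written as "self" in policy.
            tgt = "self" if m["tgt"] == m["src"] else m["tgt"]
            perms[(m["src"], tgt, m["cls"])].update(m["perms"].split())
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(perms.items())]


def grep_lighttpd(line, m):
    """Same selection as `grep lighttpd`: any line mentioning the string."""
    return "lighttpd" in line


def only_setrlimit(line, m):
    """Narrow selection: the daemon itself, and only the setrlimit denial."""
    return m["comm"] == "lighttpd" and m["perms"].split() == ["setrlimit"]


if __name__ == "__main__":
    for name, flt in (("grep lighttpd", grep_lighttpd),
                      ("setrlimit only", only_setrlimit)):
        print(f"-- {name}")
        print("\n".join(proposed_rules(SAMPLE_LOG, flt)))
```

On a real system the same review is done by reading lighttpdmaxfds.te, which audit2allow -M writes next to the .pp file, before running semodule -i.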
