Monday, May 16, 2016

Kernel Policy Modules

After installing Lighttpd, we kept getting an error:

Lighttpd doesn't start - selinux

Lighttpd doesn't start due to a conflict with file descriptors:

Issue
# /etc/init.d/lighttpd restart
Stopping lighttpd:                                         [FAILED]
Starting lighttpd: 2012-06-03 00:57:12: (server.c.722) couldn't set 'max filedescriptors' Permission denied
                                                           [FAILED]

The process is being started as user lighttpd, and of course has no permissions to set file descriptors, which is the essence of the problem.

The fix for this, is to install seutils.

Solution:

Install SE utils

yum install policycoreutils-python
Create SELinux module to allow lighttpd to set its own open file descriptors limit
/usr/sbin/semodule -DB
# /etc/init.d/auditd restart
Stopping auditd:                                           [  OK  ]
Starting auditd:                                           [  OK  ]
#grep lighttpd /var/log/audit/audit.log | audit2allow -M lighttpdmaxfds
#/usr/sbin/semodule -i lighttpdmaxfds.pp 
 # /etc/init.d/lighttpd restart
Stopping lighttpd:                                         [FAILED]
Starting lighttpd:                                         [  OK  ]
# /usr/sbin/semodule -B
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

ChatGPT Completely Lied to Me and Made Up Fictitious Information

This is an excerpt of a conversation I had with ChatGPT agent.  It outright lied and MADE STUFF UP!!!! And THIS is why AI is dangerous on so...