Monday, May 16, 2016

Kernel Policy Modules

After installing Lighttpd, we kept getting an error:

Lighttpd doesn't start - selinux

Lighttpd doesn't start due to a conflict with file descriptors:

Issue
# /etc/init.d/lighttpd restart
Stopping lighttpd:                                         [FAILED]
Starting lighttpd: 2012-06-03 00:57:12: (server.c.722) couldn't set 'max filedescriptors' Permission denied
                                                           [FAILED]

The process is being started as user lighttpd, and of course has no permissions to set file descriptors, which is the essence of the problem.

The fix for this, is to install seutils.

Solution:

Install SE utils

yum install policycoreutils-python
Create SELinux module to allow lighttpd to set its own open file descriptors limit
/usr/sbin/semodule -DB
# /etc/init.d/auditd restart
Stopping auditd:                                           [  OK  ]
Starting auditd:                                           [  OK  ]
#grep lighttpd /var/log/audit/audit.log | audit2allow -M lighttpdmaxfds
#/usr/sbin/semodule -i lighttpdmaxfds.pp 
 # /etc/init.d/lighttpd restart
Stopping lighttpd:                                         [FAILED]
Starting lighttpd:                                         [  OK  ]
# /usr/sbin/semodule -B
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

SLAs using Zabbix in a VMware Environment

 Zabbix 7 introduced some better support for SLAs. It also had better support for VMware. VMware, of course now owned by BroadSoft, has prio...