Monday, May 16, 2016

Kernel Policy Modules

After installing Lighttpd, we kept getting an error:

Lighttpd doesn't start - selinux

Lighttpd doesn't start due to a conflict with file descriptors:

Issue
# /etc/init.d/lighttpd restart
Stopping lighttpd:                                         [FAILED]
Starting lighttpd: 2012-06-03 00:57:12: (server.c.722) couldn't set 'max filedescriptors' Permission denied
                                                           [FAILED]

The process is started as user lighttpd and has no permission to set its file descriptor limit, which is the essence of the problem.

The fix is to install the SELinux utilities and create a policy module that allows it.

Solution:

Install SE utils

# yum install policycoreutils-python

Create SELinux module to allow lighttpd to set its own open file descriptors limit

# /usr/sbin/semodule -DB
# /etc/init.d/auditd restart
Stopping auditd:                                           [  OK  ]
Starting auditd:                                           [  OK  ]
# grep lighttpd /var/log/audit/audit.log | audit2allow -M lighttpdmaxfds
# /usr/sbin/semodule -i lighttpdmaxfds.pp
# /etc/init.d/lighttpd restart
Stopping lighttpd:                                         [FAILED]
Starting lighttpd:                                         [  OK  ]
# /usr/sbin/semodule -B
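
Because `semodule -DB` disables dontaudit rules and `grep lighttpd` matches any audit line containing that string, the input piped to audit2allow can contain more denials than the setrlimit one. The following is an added example, not part of the original post: it groups the AVC denials for one command into the allow rules they imply and flags anything beyond `setrlimit`, as a check before running `semodule -i`. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log AVC format (not taken from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1338685032.101:411): avc:  denied  { setrlimit } for  pid=2101 comm="lighttpd" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_t:s0 tclass=process
type=AVC msg=audit(1338685032.140:412): avc:  denied  { read write } for  pid=2101 comm="lighttpd" path="/dev/pts/0" dev=devpts ino=3 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1338685040.007:415): avc:  denied  { getattr } for  pid=2150 comm="sshd" path="/etc/lighttpd" dev=dm-0 ino=91 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?\bcomm="(?P<comm>[^"]*)"'
    r'.*?\bscontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def denied_rules(log_text, comm):
    """Group denied permissions by (source type, target type, class) for one command."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m and m.group("comm") == comm:  # exact comm match, unlike a plain grep
            key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def unexpected(rules, expected):
    """Return the permissions per rule key that go beyond the expected allow set."""
    extra = {}
    for key, perms in rules.items():
        leftover = perms - expected.get(key, set())
        if leftover:
            extra[key] = leftover
    return extra

# The one access this page's fix is meant to grant.
EXPECTED = {("httpd_t", "httpd_t", "process"): {"setrlimit"}}

if __name__ == "__main__":
    rules = denied_rules(SAMPLE_LOG, "lighttpd")
    for (src, tgt, cls), perms in sorted(rules.items()):
        print(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    for key, perms in unexpected(rules, EXPECTED).items():
        print("review before loading:", key, sorted(perms))
```

The generated lighttpdmaxfds.te file can be compared against this summary before the module is installed.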
