Uploaded image for project: 'JBoss Core Services'
  1. JBoss Core Services
  2. JBCS-1426

[RHEL 7] SELinux is preventing httpd from map access on the chr_file /dev/zero

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Undefined
    • None
    • httpd 2.4.51 GA
    • httpd, selinux
    • None
    • False
    • None
    • False

    Description

      Description of problem: After updating jbcs-httpd from 2.4.37 to 2.4.51, the Webserver not starting giving "SELinux is preventing /opt/rh/jbcs-httpd24/root/usr/sbin/httpd from map access on the chr_file /dev/zero."

      Version-Release number of selected component (if applicable):

      How reproducible: Update jbcs-httpd from 2.4.37 to 2.4.51 and start httpd service with SE enforcing.

      Actual results:

      1. journalctl -xe:
      Okt 27 07:24:33 TestLab7 systemd[1]: Starting The Apache HTTP Server...
– Subject: Unit jbcs-httpd24-httpd.service has begun start-up
– Defined-By: systemd
– Support: 
[http://lists.freedesktop.org/mailman/listinfo/systemd-devel]
–
-- Unit jbcs-httpd24-httpd.service has begun starting up.
Okt 27 07:24:33 TestLab7 systemd[1]: jbcs-httpd24-httpd.service: main process exited, code=exited, status=1/FAILURE
Okt 27 07:24:33 TestLab7 systemd[1]: Failed to start The Apache HTTP Server.
– Subject: Unit jbcs-httpd24-httpd.service has failed
– Defined-By: systemd
– Support: 
[http://lists.freedesktop.org/mailman/listinfo/systemd-devel]
–
-- Unit jbcs-httpd24-httpd.service has failed.
–
-- The result is failed.
Okt 27 07:24:33 TestLab7 systemd[1]: Unit jbcs-httpd24-httpd.service entered failed state.
Okt 27 07:24:33 TestLab7 systemd[1]: jbcs-httpd24-httpd.service failed.
Okt 27 07:24:33 TestLab7 dbus[537]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Okt 27 07:24:33 TestLab7 polkitd[531]: Unregistered Authentication Agent for unix-process:3954:146366644 (system bus name :1.273625, object path /
Okt 27 07:24:34 TestLab7 dbus[537]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Okt 27 07:24:35 TestLab7 setroubleshoot[3979]: failed to retrieve rpm info for /dev/zero
Okt 27 07:24:35 TestLab7 postfix/smtpd[3992]: connect from localhost[127.0.0.1]
Okt 27 07:24:35 TestLab7 postfix/smtpd[3992]: C56F23338F66: client=localhost[127.0.0.1]
Okt 27 07:24:35 TestLab7 postfix/cleanup[3995]: C56F23338F66: message-id=<20221027052435.C56F23338F66@TestLab7>
Okt 27 07:24:35 TestLab7 postfix/smtpd[3992]: disconnect from localhost[127.0.0.1]
Okt 27 07:24:35 TestLab7 setroubleshoot[3979]: SELinux is preventing /opt/rh/jbcs-httpd24/root/usr/sbin/httpd from map access on the chr_file /dev
Okt 27 07:24:35 TestLab7 postfix/qmgr[1354]: C56F23338F66: from=<SELinux_Troubleshoot@TestLab7>, size=3130, nrcpt=1 (queue active)
Okt 27 07:24:35 TestLab7 python[3979]: SELinux is preventing /opt/rh/jbcs-httpd24/root/usr/sbin/httpd from map access on the chr_file /dev/zero.

      Expected results:

      It should work with the update.

      Additional info:

      It is working when set SE permissive.

      Attachments

        Issue Links

          links to

          Web Link RHBZ 1700758

          Web Link RHBZ 2143302

          Activity

            People

              rhn-support-csutherl Coty Sutherland
              rhn-support-csutherl Coty Sutherland
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: