-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
2
-
False
-
-
False
-
https://pkgs.devel.redhat.com/cgit/rpms/jbcs-httpd24-compose/commit/?h=jb-cs-httpd24-62-rhel-10&id=559cc115fb1dd3fa51ef98505e72efae97363b86, https://pkgs.devel.redhat.com/cgit/rpms/jbcs-httpd24-compose/commit/?h=jb-cs-httpd24-62-rhel-8&id=f921e346a2d4a98a4e859becd1c451f9bd49d8dc, https://pkgs.devel.redhat.com/cgit/rpms/jbcs-httpd24-compose/commit/?h=jb-cs-httpd24-62-rhel-9&id=b87f8f62932869f6a29f54965d5dd30febdb4cc6
-
-
In the latest archive release of JBCS Apache (2.4.62-SP2), deploying it to a location other than /opt/ results in a failure to start via systemd, as shown below.
# systemctl start jbcs-httpd24-httpd Job for jbcs-httpd24-httpd.service failed because of unavailable resources or another system error. See "systemctl status jbcs-httpd24-httpd.service" and "journalctl -xeu jbcs-httpd24-httpd.service" for details. // access /app/jbcs-httpd24-2.4/httpd/etc/sysconfig/httpd is rejected by selinux # journalctl -u jbcs-httpd24-httpd.service Nov 20 10:53:05 ip-10-0-0-192.ap-northeast-1.compute.internal systemd[1]: jbcs-httpd24-httpd.service: Failed to load environment files: Permission denied Nov 20 10:53:05 ip-10-0-0-192.ap-northeast-1.compute.internal systemd[1]: jbcs-httpd24-httpd.service: Failed to run 'start' task: Permission denied Nov 20 10:53:05 ip-10-0-0-192.ap-northeast-1.compute.internal systemd[1]: jbcs-httpd24-httpd.service: Failed with result 'resources'. Nov 20 10:53:05 ip-10-0-0-192.ap-northeast-1.compute.internal systemd[1]: Failed to start The Apache HTTP Server. // because the label of the following directory is default_t, expected would be httpd_config_t # ls -lZ /app/jbcs-httpd24-2.4/httpd/etc/sysconfig total 8 -rw-r--r--. 1 apache apache unconfined_u:object_r:default_t:s0 372 Nov 20 10:51 htcacheclean -rw-r--r--. 1 apache apache unconfined_u:object_r:default_t:s0 980 Nov 20 10:51 httpd
Wouldn't it also be necessary for jbcs-httpd24-httpd.fc to assign the httpd_config_t label to HTTPD_HOME/etc?
jbcs-httpd24-2.4/httpd/selinux/jbcs-httpd24-httpd.fc
@@CWD@@/conf(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
@@CWD@@/conf.d(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
@@CWD@@/conf.modules.d(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
@@CWD@@/logs(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
@@CWD@@/modules(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
@@CWD@@/lib(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
@@CWD@@/run(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
@@CWD@@/bin(/.*)? gen_context(system_u:object_r:httpd_exec_t,s0)
@@CWD@@/sbin(/.*)? gen_context(system_u:object_r:httpd_exec_t,s0)
@@CWD@@/cache(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
@@CWD@@/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@CWD@@/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
@@CWD@@/etc(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) <<<=== Would this line also be needed?
