SELinux许可被Phusion Passenger拒绝以换取 [英] SELinux permission denied to Phusion Passenger for redmine
问题描述
我正在尝试在 CentOS 6.3 上安装 Redmine ,但是我仍然在日志文件中得到此错误
I am trying to install Redmine on CentOS 6.3 but I continue to get this error in the log file
Passenger could not be initialized because of this error: Unable to start
the Phusion Passenger watchdog (/usr/lib/ruby/gems/1.8/gems/passenger-4.0.20/buildout
/agents/PassengerWatchdog): Permission denied (errno=13)
我一直在网上寻找,无法在任何地方或以任何方式解决此错误.我尝试将对文件夹的权限更改为777
和apache:apache
,但均无效.
I have been looking online and cannot find this error anywhere or any way to fix it. I have tried changing permissions to the folder to 777
and apache:apache
but neither work.
我想出的让 redmine 起作用的唯一解决方案是将 SELinux 设置为禁用或允许(我不想这样做).
The only solution that I have come up with to get redmine to work is to set SELinux to disabled or permissive (which I do not want to do).
有人能解决此问题而使 SELinux 处于启用状态吗?
Does anyone have another way to fix this problem that leaves SELinux enabled?
在/var/log/messages下找到SELinux日志文件
Found the SELinux log file under /var/log/messages
这是文件的结尾
Oct 16 14:07:30 localhost pulseaudio[2329]: alsa-util.c: Disabling timer-based scheduling because running inside a VM.
Oct 16 14:07:30 localhost rtkit-daemon[2183]: Sucessfully made thread 2331 of process 2329 (/usr/bin/pulseaudio) owned by '500' RT at priority 5.
Oct 16 14:07:30 localhost pulseaudio[2329]: alsa-util.c: Disabling timer-based scheduling because running inside a VM.
Oct 16 14:07:30 localhost rtkit-daemon[2183]: Sucessfully made thread 2332 of process 2329 (/usr/bin/pulseaudio) owned by '500' RT at priority 5.
Oct 16 14:07:31 localhost rtkit-daemon[2183]: Sucessfully made thread 2427 of process 2427 (/usr/bin/pulseaudio) owned by '500' high priority at nice level -11.
Oct 16 14:07:31 localhost pulseaudio[2427]: pid.c: Daemon already running.
Oct 16 14:08:04 localhost kernel: type=1400 audit(1381957684.726:5): avc: denied { execute_no_trans } for pid=2663 comm="httpd" path="/usr/lib/ruby/gems/1.8/gems/passenger-4.0.20/buildout/agents/PassengerWatchdog" dev=dm-0 ino=1048752 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:lib_t:s0 tclass=file
Oct 16 14:08:04 localhost kernel: type=1400 audit(1381957684.760:6): avc: denied { execute_no_trans } for pid=2668 comm="httpd" path="/usr/lib/ruby/gems/1.8/gems/passenger-4.0.20/buildout/agents/PassengerWatchdog" dev=dm-0 ino=1048752 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:lib_t:s0 tclass=file
Oct 16 14:09:11 localhost pulseaudio[2329]: alsa-sink.c: ALSA woke us up to write new data to the device, but there was actually nothing to write!
Oct 16 14:09:11 localhost pulseaudio[2329]: alsa-sink.c: Most likely this is a bug in the ALSA driver 'snd_intel8x0'. Please report this issue to the ALSA developers.
Oct 16 14:09:11 localhost pulseaudio[2329]: alsa-sink.c: We were woken up with POLLOUT set -- however a subsequent snd_pcm_avail() returned 0 or another value < min_avail.
有什么建议吗?
推荐答案
因此,您可以使用audit2allow(yum install audit-libs-python audit-libs)来解决此问题.
So, you can fix this by using audit2allow (yum install audit-libs-python audit-libs).
SELinux日志到/var/log/audit/audit.log.如果您跟踪并捕获了重新启动Web服务(服务httpd restart)的输出,则可以通过audit2allow运行新输出,并创建一个模块以在selinux下安装...
SELinux logs to /var/log/audit/audit.log. If you tail and capture the output from restarting the web service (service httpd restart) you can then run the new output through audit2allow and make a module to install under selinux...
因此,假设您已将其捕获到名为"audit_tmp"的文件中:
So, assuming you have captured it into a file called "audit_tmp":
cat audit_tmp | audit2allow -D -M passenger
这将创建一个名为passenger.pp的文件,您可以使用以下文件进行应用:
This will create a file called passenger.pp which you can apply using:
semodule -i passenger.pp
这样做将阻止阻止乘客装载的第一件事-但请注意可能还会更多,因此您需要再次重复该过程,直到工作为止.我希望这是有道理的!
Doing this will unblock the first thing that was stopping passenger from loading - but be aware that there will probably be more so you will need to repeats the process again until it works. I hope that makes sense!
这篇关于SELinux许可被Phusion Passenger拒绝以换取的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!