How do I resolve the following error:
type=AVC msg=audit(1365523330.609:4846): avc: denied { append } for pid=12542 comm="FTPMan.pl" name="user_list" dev=dm-0 ino=2884237 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
    Was caused by:
        Unknown - would be allowed by active policy
        Possible mismatch between this policy and the one under which the audit message was generated.
        Possible mismatch between current in-memory boolean settings vs. permanent ones.
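There is not much documentation about this particular error.
Check the Apache logs for the actual file causing the problem (for me this was mod_jk.so). Hopefully you will find a line like this in the error log: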
Cannot load /opt/coldfusion10/config/wsconfig/1/mod_jk.so into server: /opt/coldfusion10/config/wsconfig/1/mod_jk.so: failed to map segment from shared object: Permission denied
Then compare the SELinux permissions of that file with those of the httpd executable. For me they were:
# ls -ldZ /opt/coldfusion10/config/wsconfig/1/mod_jk.so
-rwxr-xr-x. nobody nobody unconfined_u:object_r:httpd_log_t:s0 /opt/coldfusion10/config/wsconfig/1/mod_jk.so
# ls -ldZ /usr/sbin/httpd
-rwxr-xr-x. root root system_u:object_r:httpd_exec_t:s0 /usr/sbin/httpd
You can see that mod_jk.so has different permissions from the httpd binary. To fix it, simply make them the same:
# sudo chcon -R -u system_u -r object_r -t httpd_exec_t /opt/coldfusion10/config/wsconfig/1/mod_jk.so
Now they match, and for me Apache started again (without affecting my server's security).
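
An added example, not part of the question or answer above: a Python sketch that parses an AVC record like the one in the question into its fields and compares the two `ls -ldZ` contexts from the answer field by field, so the mismatching parts of the label are explicit. The function names are hypothetical, and the `ls -Z` column layout is assumed to be the one shown on this page.

```python
import re

# Sample input taken from this page: the AVC record in the question and the
# two `ls -ldZ` output lines in the answer.
AVC_LINE = (
    'type=AVC msg=audit(1365523330.609:4846): avc: denied { append } for '
    'pid=12542 comm="FTPMan.pl" name="user_list" dev=dm-0 ino=2884237 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:etc_t:s0 tclass=file'
)
MODULE_LS = ('-rwxr-xr-x. nobody nobody unconfined_u:object_r:httpd_log_t:s0 '
             '/opt/coldfusion10/config/wsconfig/1/mod_jk.so')
HTTPD_LS = '-rwxr-xr-x. root root system_u:object_r:httpd_exec_t:s0 /usr/sbin/httpd'

FIELDS = ("user", "role", "type", "level")

def split_context(ctx):
    """Split user:role:type:level; the level may contain colons (s0:c1,c2)."""
    return dict(zip(FIELDS, ctx.split(":", 3)))

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not one."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if m is None:
        return None
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    # key=value pairs; values are either quoted (comm, name) or bare tokens.
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', m.group(3)):
        rec[key] = quoted or bare
    for key in ("scontext", "tcontext"):
        if key in rec:
            rec[key] = split_context(rec[key])
    return rec

def ls_context(ls_line):
    """Context from an `ls -ldZ` line laid out as on this page:
    mode, owner, group, context, path (assumed layout; newer ls differs)."""
    return split_context(ls_line.split(None, 4)[3])

def context_diff(a, b):
    """Map each differing context field to its (a, b) values."""
    return {f: (a[f], b[f]) for f in FIELDS if a.get(f) != b.get(f)}

def describe(rec):
    """One-line summary: source type, result, permissions, class, target type."""
    return "{} {} {{ {} }} on {} labelled {}".format(
        rec["scontext"]["type"], rec["result"], " ".join(rec["perms"]),
        rec["tclass"], rec["tcontext"]["type"])

if __name__ == "__main__":
    print(describe(parse_avc(AVC_LINE)))
    print(context_diff(ls_context(MODULE_LS), ls_context(HTTPD_LS)))
```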