hi
I maintain 10 webservers which is used for add delivery using PHP.sometimes when the load is high my apache process suddenly dies & i restart apache.
i find the following errors in my /var/log/messages/
server1 kernel: audit(1150892521.827:18474474): avc: denied { write } for pid=28135 comm="httpd" name="php-mmcache" dev=sda7 ino=2146317 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir
i think the above one is something related to selinux.so i disabled selinux stopped iptables & disabled firewall.
/sbin/fixfiles restore
but still i get the above error message in my /var/log/messages
how to fix this???
when i run top d 1 i see a few Zombie process of httpd
12198 apache 16 0 0 0 0 Z 3.0 0.0 0:00.09 httpd <defunct>
Os Centos 4.2 X86_64 bit Apache 2.0.52
below i am attaching the output of test.php which is in test.zip
how can i fix this problem ..
thanx & regards kishore chowdary
I maintain 10 webservers which is used for add delivery using PHP.sometimes when the load is high my apache process suddenly dies & i restart apache.
i find the following errors in my /var/log/messages/
server1 kernel: audit(1150892521.827:18474474): avc: denied { write } for pid=28135 comm="httpd" name="php-mmcache" dev=sda7 ino=2146317 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir
This error should not have anything to do with apache dying. This is preventing apache from performing a write action on something with an invalid context. You should check your tmpdir as it's defined in your php.ini, and possibly the mmcache and make sure apache the proper selinux context there (ls -Z). If apache is using /tmp as its temp directory (which is the default) then selinux will prevent apache from doing certain tasks with those files. It's best to create a tmpdir for apache in /var/www/tmp and define that in php.ini. This will fix tmp actions for apache. Details about this are here -> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193579
as for your normal files in the webroot, you should be sure they have the proper context on them. Files created in a user's homedir, and moved to the webroot will have an incorrect context. Files created in a user's homedir and COPIED will have a correct context. You can relabel the files as needed or use chcon in a similar fashion to chown and chmod.
/sbin/fixfiles restore
This won't fix the problems because the context on them is 'correct' they're just in the wrong location. The simple way is to do something like chcon --reference=/var/www /your/files/here, or something to that effect.