[CentOS] Apache problem

Thu Jun 22 12:25:27 UTC 2006
Jim Perrin <jperrin at gmail.com>

> I maintain 10 webservers which are used for ad delivery using PHP. Sometimes
> when the load is high my apache process suddenly dies & I restart apache.
>
>
> I find the following errors in my /var/log/messages/
>
> server1 kernel: audit(1150892521.827:18474474): avc: denied { write } for
> pid=28135 comm="httpd" name="php-mmcache" dev=sda7 ino=2146317
> scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir

This error should not have anything to do with apache dying. This is
preventing apache from performing a write action on something with an
invalid context. You should check your tmpdir as it's defined in your
php.ini, and possibly the mmcache, and make sure apache has the proper
selinux context there (ls -Z). If apache is using /tmp as its temp
directory (which is the default) then selinux will prevent apache from
doing certain tasks with those files. It's best to create a tmpdir for
apache in /var/www/tmp and define that in php.ini. This will fix tmp
actions for apache. Details about this are here ->
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193579

As for your normal files in the webroot, you should be sure they have
the proper context on them. Files created in a user's homedir, and
moved to the webroot will have an incorrect context. Files created in
a user's homedir and COPIED will have a correct context. You can
relabel the files as needed or use chcon in a similar fashion to chown
and chmod.

> /sbin/fixfiles restore

This won't fix the problems because the context on them is 'correct';
they're just in the wrong location. The simple way is to do something
like chcon --reference=/var/www /your/files/here, or something to that
effect.


-- 
This message has been double ROT13 encoded for security. Anyone other
than the intended recipient attempting to decode this message will be
in violation of the DMCA
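
An added example, not part of the original message: a small parser for the kind of AVC denial quoted above, which pulls out the source domain, the target label and the object so you know which directory to inspect with `ls -Z`. The function names and the second log line are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input. Line 1 is the denial quoted in the message, joined
# onto one line; line 2 is invented to show a record from another domain.
SAMPLE_LOG = (
    'server1 kernel: audit(1150892521.827:18474474): avc: denied { write } for '
    'pid=28135 comm="httpd" name="php-mmcache" dev=sda7 ino=2146317 '
    'scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir\n'
    'server1 kernel: audit(1150892530.101:18474480): avc: denied { read } for '
    'pid=300 comm="cupsd" name="example.conf" dev=sda7 ino=42 '
    'scontext=system_u:system_r:cupsd_t tcontext=system_u:object_r:var_t tclass=file\n'
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    """Return the type field of a user:role:type[:level] context, or ''."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ""

def parse_avc(line):
    """Parse one syslog line; return a dict for an AVC denial, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    rec["source_type"] = context_type(rec.get("scontext", ""))
    rec["target_type"] = context_type(rec.get("tcontext", ""))
    return rec

def denials_for(log_text, domain="httpd_t"):
    """Count denials for one source domain, keyed by what was being accessed."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["source_type"] == domain:
            counts[(rec.get("name", "?"), rec["target_type"],
                    rec.get("tclass", "?"), " ".join(rec["perms"]))] += 1
    return counts

if __name__ == "__main__":
    for (name, ttype, tclass, perms), n in denials_for(SAMPLE_LOG).most_common():
        # name= is only the last path component; ino= and dev= identify the
        # object, so find -inum on that filesystem gives the full path.
        print(f"{n}x httpd_t denied {{ {perms} }} on {tclass} '{name}' labelled {ttype}")
```

For the quoted denial this reports one write on the directory `php-mmcache` labelled `var_t`, which is the directory whose context needs checking.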