SELinux的故障排除一例Posted on
刚刚采用Puppet部署了dokuwiki,不过配置完成后报错:
DokuWiki Setup ErrorThe datadir (‘pages’) at /pages is not found, isn’t accessible or writable. You should check your config and permission settings. Or maybe you want to run the installer?
尝试关闭了SELinux,,之后就正常。可是在测试环境中就没这个问题。系统环境基本一致。
于是查看了下audit.log:
tail -f /var/log/audit/audit.log | grep -i httpdtype=AVC msg=audit(name=dev=dm-2 ino=2 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dirtype=SYSCALL msg=audit(exe=subj=unconfined_u:system_r:httpd_t:s0 key=(null)type=AVC msg=audit(name=dev=dm-2 ino=2 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dirtype=SYSCALL msg=audit(exe=subj=unconfined_u:system_r:httpd_t:s0 key=(null)type=AVC msg=audit(name=dev=dm-2 ino=2 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dirtype=SYSCALL msg=audit(exe=subj=unconfined_u:system_r:httpd_t:s0 key=(null)type=AVC msg=audit(name=dev=dm-2 ino=2 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dirtype=SYSCALL msg=audit(exe=subj=unconfined_u:system_r:httpd_t:s0 key=(null)type=AVC msg=audit(name=dev=dm-2 ino=2 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dirtype=SYSCALL msg=audit(exe=subj=unconfined_u:system_r:httpd_t:s0 key=(null)type=AVC msg=audit(name=dev=dm-2 ino=2 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dirtype=SYSCALL msg=audit(exe=subj=unconfined_u:system_r:httpd_t:s0 key=(null)
HOHO,第一次处理SELinux的故障,看到其中的name、dev以及scontext和tcontext,于是在“/”下找找:
[root@localhost /]# ll -Z /drwxr-xr-x. apache apache system_u:object_r:file_t:s0wiki
后来发现是因为将wiki的目录建在了“/”下面,并重新挂载了一个分区,重新赋予权限就好了
[root@localhost /]# chcon -t httpd_t /wiki
对SELinux的了解还是太浅,呵呵。
而它的种子,就是它生命的延续,继续承受风,