06-03-2008, 05:52 AM
Carlos Chavez

selinux and httpd don't start on boot - message error EAI9

Hello everyone.

The HTTP server doesn't start on boot. It sends the following message, sort of; it was difficult to copy because it showed only in the startup process, and there are no log messages in any log file.

Message: Address Family for Hostname not supported: (EAI 9) alloc_listener failed to setup sockaddr for 127.0.0.1.

That is the message, sort of.

This happens when I set the option Listen 127.0.0.1:80. When I start it manually, the httpd server starts successfully, but not on boot.

It also says that there is a syntax error in the line containing the Listen statement, but if I run the syntax check, the HTTP server says the syntax is OK.

I'm using Fedora 9 with the latest updates.
selinux 3.3.1-55
httpd 2.2.8-3
kernel 2.6.25.3-18
--
Cheers.
Carlos Chávez


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
06-03-2008, 08:13 AM
Paul Howarth

selinux and httpd don't start on boot - message error EAI9

Carlos Chavez wrote:

> Hello everyone.
>
> The HTTP server doesn't start on boot. It sends the following message,
> sort of; it was difficult to copy because it showed only in the startup
> process, and there are no log messages in any log file.
>
> Message: Address Family for Hostname not supported: (EAI 9) alloc_listener
> failed to setup sockaddr for 127.0.0.1.
> That is the message, sort of.
>
> This happens when I set the option Listen 127.0.0.1:80. When I start it
> manually, the httpd server starts successfully, but not on boot.
>
> It also says that there is a syntax error in the line containing the
> Listen statement, but if I run the syntax check, the HTTP server says the
> syntax is OK.
>
> I'm using Fedora 9 with the latest updates.
> selinux 3.3.1-55
> httpd 2.2.8-3
> kernel 2.6.25.3-18


My wild guess at the cause of this would be that NetworkManager hasn't
started the network at the time the httpd initscript runs.


Are there any indications in the logs (such as avc denials) that this is
an selinux issue?


Paul.

 
06-03-2008, 11:46 AM
Carlos Chavez

selinux and httpd don't start on boot - message error EAI9

Hi Paul.

No, there are no AVC denial error messages or other SELinux-related error messages in the logs.
The error message that I posted is shown only in the startup process, but no other message is sent to any log file.

What I did in order to associate the error with SELinux was to stop SELinux; when I stop SELinux and restart the PC, httpd starts with no problems at boot time.

I'm not sure about NetworkManager; in the logs it seems that it loads correctly at boot time and sets the network parameters as soon as the process starts, with no delay for that.

I have configured ntpd to synchronize the date/time and this works fine; this needs the network device set up, so I think NetworkManager works too.

Cheers.
Carlos Chávez.


 
06-03-2008, 12:09 PM
Eric Paris

selinux and httpd don't start on boot - message error EAI9

On Tue, 2008-06-03 at 05:46 -0600, Carlos Chavez wrote:
> Hi Paul.
>
> No, there are no AVC denial error messages or other SELinux-related
> error messages in the logs.
> The error message that I posted is shown only in the startup process,
> but no other message is sent to any log file.
>
> What I did in order to associate the error with SELinux was to stop
> SELinux; when I stop SELinux and restart the PC, httpd starts with
> no problems at boot time.
>
> I'm not sure about NetworkManager; in the logs it seems that it loads
> correctly at boot time and sets the network parameters as soon as the
> process starts, with no delay for that.
>
> I have configured ntpd to synchronize the date/time and this works
> fine; this needs the network device set up, so I think
> NetworkManager works too.

Are you sure you are looking in the right place for those selinux denial
messages? Look for 'denied' in /var/log/messages and look at the output
of ausearch -m AVC

-Eric

 
06-04-2008, 06:29 AM
Carlos Chavez

selinux and httpd don't start on boot - message error EAI9

Hi Eric.
I think so.

cat /var/log/messages | grep denied
cat /var/log/messages | grep avc

Neither command shows any output, and

ausearch -m AVC

shows this:
----
time->Tue Jun 3 23:39:03 2008

type=SYSCALL msg=audit(1212557943.344:16): arch=40000003 syscall=11 success=yes exit=0 a0=9872498 a1=9870c50 a2=9870af0 a3=0 items=0 ppid=2878 pid=2879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)

type=AVC msg=audit(1212557943.344:16): avc: denied { read write } for pid=2879 comm="NetworkManager" path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.data" dev=dm-0 ino=8356254 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

type=AVC msg=audit(1212557943.344:16): avc: denied { read write } for pid=2879 comm="NetworkManager" path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.index" dev=dm-0 ino=8356253 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

Those messages were from when I restarted NetworkManager as root in a shell.

Cheers.
Carlos Chávez.


 
06-04-2008, 08:39 AM
Paul Howarth

selinux and httpd don't start on boot - message error EAI9

Carlos Chavez wrote:

> Hi Eric.
> I think so.
>
> cat /var/log/messages | grep denied
> cat /var/log/messages | grep avc
>
> Neither command shows any output, and
>
> ausearch -m AVC
>
> shows this:
>
> ----
> time->Tue Jun 3 23:39:03 2008
> type=SYSCALL msg=audit(1212557943.344:16): arch=40000003 syscall=11
> success=yes exit=0 a0=9872498 a1=9870c50 a2=9870af0 a3=0 items=0
> ppid=2878 pid=2879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=pts2 ses=1 comm="NetworkManager"
> exe="/usr/sbin/NetworkManager"
> subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
> type=AVC msg=audit(1212557943.344:16): avc: denied { read write }
> for pid=2879 comm="NetworkManager"
> path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.data" dev=dm-0
> ino=8356254 scontext=unconfined_u:system_r:NetworkManager_t:s0
> tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
> type=AVC msg=audit(1212557943.344:16): avc: denied { read write }
> for pid=2879 comm="NetworkManager"
> path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.index" dev=dm-0
> ino=8356253 scontext=unconfined_u:system_r:NetworkManager_t:s0
> tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
>
> Those messages were from when I restarted NetworkManager as root in a shell.


You need to be looking in /var/log/audit/audit.log rather than
/var/log/messages if you're running auditd.


Paul.

 
06-04-2008, 01:25 PM
Eric Paris

selinux and httpd don't start on boot - message error EAI9

On Wed, 2008-06-04 at 00:29 -0600, Carlos Chavez wrote:
> Hi Eric.
> I think so.
>
> cat /var/log/messages | grep denied
> cat /var/log/messages | grep avc
>
> Neither command shows any output, and
>
> ausearch -m AVC
>
> shows this:
> ----
> time->Tue Jun 3 23:39:03 2008
>
> type=SYSCALL msg=audit(1212557943.344:16): arch=40000003 syscall=11 success=yes exit=0 a0=9872498 a1=9870c50 a2=9870af0 a3=0 items=0 ppid=2878 pid=2879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
>
> type=AVC msg=audit(1212557943.344:16): avc: denied { read write } for pid=2879 comm="NetworkManager" path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.data" dev=dm-0 ino=8356254 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
>
> type=AVC msg=audit(1212557943.344:16): avc: denied { read write } for pid=2879 comm="NetworkManager" path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.index" dev=dm-0 ino=8356253 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
>
> Those messages were from when I restarted NetworkManager as root in a
> shell.
>
> Cheers.
> Carlos Chávez.

Huh... If your system is new enough to support it, can you try

semodule -DB
and then reboot
after it comes up and fails give us the output of ausearch -m AVC
again...

-Eric

 
06-10-2008, 04:03 AM
Carlos Chavez

selinux and httpd don't start on boot - message error EAI9

Unfortunately the list has a limit, so I cannot post the full list of messages; the following is just part of the messages related to httpd:

type=AVC msg=audit(1213067949.988:317): avc: denied { search } for pid=2004 comm="httpd" name="selinux" dev=dm-0 ino=5235563 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir

type=SYSCALL msg=audit(1213067949.988:317): arch=40000003 syscall=5 success=no exit=-13 a0=196e92 a1=8000 a2=1b6 a3=0 items=0 ppid=2003 pid=2004 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

type=AVC msg=audit(1213067949.991:318): avc: denied { search } for pid=2004 comm="httpd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=dir

type=SYSCALL msg=audit(1213067949.991:318): arch=40000003 syscall=195 success=no exit=-13 a0=bfc9b81c a1=bfc9b7bc a2=555ff4 a3=bfc9b81c items=0 ppid=2003 pid=2004 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

type=AVC msg=audit(1213067949.991:319): avc: denied { search } for pid=2004 comm="httpd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=dir

type=SYSCALL msg=audit(1213067949.991:319): arch=40000003 syscall=5 success=no exit=-13 a0=bfc9b7f4 a1=8000 a2=0 a3=8000 items=0 ppid=2003 pid=2004 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

type=MAC_CONFIG_CHANGE msg=audit(1213069227.345:1828): bool=httpd_can_network_connect val=1 old_val=0 auid=500 ses=1
type=MAC_CONFIG_CHANGE msg=audit(1213069266.437:1833): bool=httpd_can_network_connect_db val=1 old_val=0 auid=500 ses=1

Cheers.
Carlos Chávez.
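
The step requested earlier in the thread (semodule -DB, reboot, then ausearch -m AVC) can return more records than fit in one mail, as the post above notes. The following shell function is an added example, not part of the original thread: it condenses such output to one line per distinct denial. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize SELinux AVC denials read from stdin
# (e.g. `ausearch -m AVC` output or /var/log/audit/audit.log).
# Output: "<count> <comm> <source type> <perms> <target type>:<class>".
# Limitation: values containing spaces (e.g. comm="a b") are not handled.
avc_summary() {
    awk '
    function field(key,    i, v) {        # value of the key=value token
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    function setype(ctx,    p) {          # user:role:type:level -> type
        split(ctx, p, ":")
        return p[3]
    }
    /type=AVC / && /denied/ {
        s = index($0, "{"); e = index($0, "}")
        perms = substr($0, s + 2, e - s - 3)  # text between the braces
        gsub(/ /, ",", perms)
        src = field("comm") " " setype(field("scontext"))
        tgt = setype(field("tcontext")) ":" field("tclass")
        k = src " " perms " " tgt
        if (!(k in n)) order[++cnt] = k       # keep first-seen order
        n[k]++
    }
    END { for (i = 1; i <= cnt; i++) print n[order[i]], order[i] }
    '
}

# Constructed sample records, abridged from the shape of those in the thread.
sample_records() {
    cat <<'EOF'
type=AVC msg=audit(1213067949.988:317): avc: denied { search } for pid=2004 comm="httpd" name="selinux" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
type=SYSCALL msg=audit(1213067949.988:317): arch=40000003 syscall=5 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1213067949.991:318): avc: denied { search } for pid=2004 comm="httpd" name="/" dev=selinuxfs scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=dir
type=AVC msg=audit(1213067949.991:319): avc: denied { search } for pid=2004 comm="httpd" name="/" dev=selinuxfs scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=dir
type=AVC msg=audit(1212557943.344:16): avc: denied { read write } for pid=2879 comm="NetworkManager" scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=MAC_CONFIG_CHANGE msg=audit(1213069227.345:1828): bool=httpd_can_network_connect val=1 old_val=0 auid=500 ses=1
EOF
}

sample_records | avc_summary
```

On a live system the input would come from `ausearch -m AVC | avc_summary`. Running `semodule -B` afterwards rebuilds the policy with the dontaudit rules enabled again.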
