Hey guys,
I've got another C7 problem I was hoping to solve. I
installed appdynamics-php-agent-4.0.5.0-1.x86_64 on a C7.1 host.
It's failing to communicate with it's controller on another host. And this
is the interesting part. Whether or not I have SELinux enabled, I have
apache reporting SELinux problems.
[root@web1:~] #getenforce
Permissive
May 10 20:47:56 web1 python[25735]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the file
/usr/lib/appdynamics-php5/logs/agent.log.lck.
***** Plugin catchall (100.
confidence) suggests **************************...
May 10 20:47:56 web1 python[25735]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the file
/usr/lib/appdynamics-php5/logs/agent.log.lck.
***** Plugin catchall (100.
confidence) suggests **************************...
May 10 20:47:57 web1 python[25735]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the file
/usr/lib/appdynamics-php5/logs/agent.log.lck.
***** Plugin catchall (100.
confidence) suggests **************************...
May 10 20:47:58 web1 python[25735]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the file
/usr/lib/appdynamics-php5/logs/agent.log.lck.
***** Plugin catchall (100.
confidence) suggests **************************...
May 10 20:48:00 web1 python[25735]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the file
/usr/lib/appdynamics-php5/logs/agent.log.lck.
***** Plugin catchall (100.
confidence) suggests **************************...
May 10 20:48:01 web1 python[25735]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the file
/usr/lib/appdynamics-php5/logs/agent.log.lck.
***** Plugin catchall (100.
confidence) suggests **************************...
May 10 20:49:16 web1 python[25952]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the file
/usr/lib/appdynamics-php5/logs/agent.log.lck.
***** Plugin catchall (100.
confidence) suggests **************************...
May 10 20:49:17 web1 python[25952]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the file
/usr/lib/appdynamics-php5/logs/agent.log.lck.
***** Plugin catchall (100.
confidence) suggests **************************...
May 10 20:53:14 web1 python[26609]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the file
/usr/lib/appdynamics-php5/logs/agent.log.lck.
***** Plugin catchall (100.
confidence) suggests **************************...
May 10 20:53:15 web1 python[26609]: SELinux is preventing
/usr/lib/appdynamics-php5/proxy/jre/bin/java from write access on the file
/usr/lib/appdynamics-php5/logs/agent.log.lck.
***** Plugin catchall (100.
confidence) suggests **************************...
So I enabled SELinux and started troubleshooting with audit2why.
[root@web1:~] #setenforce 1
[root@web1:~] #getenforce
Enforcing
And I'm seeing messages like these:
[root@web1:~] #grep appd /var/log/audit/audit.log | audit2why -w
type=AVC msg=audit(1431305820.292:393420): avc: denied { write } for
pid=27289 comm="java"
path="/usr/lib/appdynamics-php5/logs/testfile1615417693000946121.tmp"
dev="vda" ino=965852 scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:lib_t:s0 tclass=file
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to
allow this access.
The part I am stuck on is using audit2allow to generate a loadable module
that can allow this.
Can anyone spare any pointers on how to do that?
Thanks!
Tim
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
