I maintain 10 webservers which is used for add delivery using PHP.sometimes
when the load is high my apache process suddenly dies & i restart apache.
i find the following errors in my /var/log/messages/
server1 kernel: audit(1150892521.827:18474474): avc: denied { write } for
pid=28135 comm="httpd" name="php-mmcache" dev=sda7 ino=2146317
scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir
This error should not have anything to do with apache dying. This is
preventing apache from performing a write action on something with an
invalid context. You should check your tmpdir as it's defined in your
php.ini, and possibly the mmcache and make sure apache the proper
selinux context there (ls -Z). If apache is using /tmp as its temp
directory (which is the default) then selinux will prevent apache from
doing certain tasks with those files. It's best to create a tmpdir for
apache in /var/www/tmp and define that in php.ini. This will fix tmp
actions for apache. Details about this are here ->
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193579
as for your normal files in the webroot, you should be sure they have
the proper context on them. Files created in a user's homedir, and
moved to the webroot will have an incorrect context. Files created in
a user's homedir and COPIED will have a correct context. You can
relabel the files as needed or use chcon in a similar fashion to chown
and chmod.
/sbin/fixfiles restore
This won't fix the problems because the context on them is 'correct'
they're just in the wrong location. The simple way is to do something
like chcon --reference=/var/www /your/files/here, or something to that
effect.
--
This message has been double ROT13 encoded for security. Anyone other
than the intended recipient attempting to decode this message will be
in violation of the DMCA
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
