After disabling and enabling SELinux, Apache and MySQL fail to start, and messages.log shows this error:
imjournal: rename() failed for new path: '/var/lib/rsyslog/imjournal.state': Permission denied [v8.24.0-34.el7 try http://www.rsyslog.com/e/0 ]
Debugging:
ausearch -ts recent -m avc -i:
type=PROCTITLE msg=audit(06/17/2019 12:50:55.444:179) :
proctitle=/usr/sbin/httpd -DFOREGROUND
type=SYSCALL msg=audit(06/17/2019 12:50:55.444:179) : arch=x86_64
syscall=open success=no exit=EACCES(Permission denied) a0=0x55edf621f410
a1=O_WRONLY|O_CREAT|O_APPEND|O_CLOEXEC a2=0666 a3=0x7ffc3f67e060 items=0
ppid=1 pid=3966 auid=unset uid=root gid=root euid=root suid=root fsuid=root
egid=root sgid=root fsgid=root tty=(none) ses=unset comm=httpd
exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(06/17/2019 12:50:55.444:179) : avc: denied { append }
for pid=3966 comm=httpd name=error.log dev="vda1" ino=318782163
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
Status:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31