调试:

调试:

禁用和启用 SELinux 后,Apache 和 MySQL 无法启动,messages.log 中显示此错误:

imjournal: rename() failed for new path: '/var/lib/rsyslog/imjournal.state': Permission denied [v8.24.0-34.el7 try http://www.rsyslog.com/e/0 ]

调试:

ausearch -ts 最近 -m avc -i:

type=PROCTITLE msg=audit(06/17/2019 12:50:55.444:179) : 
proctitle=/usr/sbin/httpd -DFOREGROUND 
type=SYSCALL msg=audit(06/17/2019 12:50:55.444:179) : arch=x86_64 
syscall=open success=no exit=EACCES(Permission denied) a0=0x55edf621f410 
a1=O_WRONLY|O_CREAT|O_APPEND|O_CLOEXEC a2=0666 a3=0x7ffc3f67e060 items=0 
ppid=1 pid=3966 auid=unset uid=root gid=root euid=root suid=root fsuid=root 
egid=root sgid=root fsgid=root tty=(none) ses=unset comm=httpd 
exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null) 
type=AVC msg=audit(06/17/2019 12:50:55.444:179) : avc:  denied  { append } 
for  pid=3966 comm=httpd name=error.log dev="vda1" ino=318782163 
scontext=system_u:system_r:httpd_t:s0 
tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0 

状态:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

相关内容