在调查导致服务器锁定/崩溃的原因时,我在 /var/log/messages 中发现了许多 selinux 消息。例如:
setroubleshoot: SELinux is preventing /usr/sbin/httpd from getattr access on the file /tmp/sess_s5etafvc5ito5qi9icvpc17vi5. For complete SELinux messages. run sealert -l 9d054e4e-fc34-41a3-8fc5-4015026d2c6c
不确定是否相关,但这些组前面或后面有很多行
audispd: queue is full - dropping event
无论如何,运行建议的 sealert 命令可以
SELinux is preventing /usr/sbin/httpd from getattr access on the file /tmp/sess_aa0iif62mu7nd4a4hb4g72slv3.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that httpd should be allowed getattr access on the sess_aa0iif62mu7nd4a4hb4g72slv3 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
ls -l 显示它属于 root
-rw-------. 1 root root 0 Dec 2 05:03 sess_aa0iif62mu7nd4a4hb4g72slv3
我对 /tmp 目录或会话不太了解。httpd 拥有会话文件,那么为什么 httpd 会尝试访问 root 拥有的会话文件?为什么首先会有 root 拥有的会话文件?这是需要担心还是需要修复的问题?数百或数千个这样的文件会导致服务器锁定/内核崩溃吗?
答案1
似乎您有一个以 root 身份运行的应用程序引擎(例如 PHP)。通过 ps 或 top 验证每个服务器守护程序的进程所属用户。