无法创建卷影副本 (CopyFile)

无法创建卷影副本 (CopyFile)

无法创建卷影副本 (CopyFile)

描述:HTTP 500。处理请求时出错

在我开始提问之前,下面是我之前的问题的链接,它是 503 错误,通过启用 seboolian 解决 httpd_execmem
当 SELinux 强制执行时 Mono 崩溃,如何让 Mono 服务器在 SELinux 强制执行时工作?

现在,我被困住了——

1)当我尝试访问.aspx页面时:

# elinks --dump 127.0.0.1/ASP-Portal/index.aspx

                   Server Error in '/ASP-Portal' Application
   Failed to create shadow copy (CopyFile).
   Description: HTTP 500. Error processing request.

   Stack Trace:

System.ExecutionEngineException: Failed to create shadow copy (CopyFile).
  at (wrapper managed-to-native) System.Reflection.Assembly:LoadFrom (string,bool)
  at System.Reflection.Assembly.LoadFrom (System.String assemblyFile) [0x00000] in <filename unknown>:0
  at System.Web.Compilation.BuildManager.LoadAssembly (System.String path, System.Collections.Generic.List`1 al) [0x00000] in <filename unknown>:0
  at System.Web.Compilation.BuildManager.GetReferencedAssemblies () [0x00000] in <filename unknown>:0
  at System.Web.Compilation.AssemblyBuilder.BuildAssembly (System.Web.VirtualPath virtualPath, System.CodeDom.Compiler.CompilerParameters options) [0x00000] in <filename unknown>:0
  at System.Web.Compilation.AssemblyBuilder.BuildAssembly (System.CodeDom.Compiler.CompilerParameters options) [0x00000] in <filename unknown>:0
  at System.Web.Compilation.AppCodeAssembly.Build (System.String[] binAssemblies) [0x00000] in <filename unknown>:0
  at System.Web.Compilation.AppCodeCompiler.Compile () [0x00000] in <filename unknown>:0
  at System.Web.HttpApplicationFactory.InitType (System.Web.HttpContext context) [0x00000] in <filename unknown>:0

   Version information: Mono Runtime Version: 2.10.2 (tarball Mon Aug 8
   13:09:50 IST 2016); ASP.NET Version: 2.0.50727.1433

2)audit.log状态:

# cat /var/log/audit/audit.log | audit2allow

#============= httpd_sys_script_t ==============
#!!!! This avc is allowed in the current policy

allow httpd_sys_script_t inotifyfs_t:dir read;
#!!!! This avc is allowed in the current policy

allow httpd_sys_script_t self:process execmem;
allow httpd_sys_script_t tmp_t:file { write getattr };
allow httpd_sys_script_t tmpfs_t:dir read;
allow httpd_sys_script_t tmpfs_t:filesystem getattr;

#============= httpd_t ==============
#!!!! This avc is allowed in the current policy

allow httpd_t httpd_sys_rw_content_t:sock_file unlink;
allow httpd_t self:capability { sys_admin ipc_owner };

#============= xdm_t ==============
#!!!! This avc can be allowed using the boolean 'allow_polyinstantiation'

allow xdm_t admin_home_t:dir read;
allow xdm_t admin_home_t:file read;

3)mono-project.com 提供的我存储测试 ASP.NET 文件的目录和文件上下文

# ls -Z /var/www/html/ASP-Portal/

drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 1.1
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 2.0
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 App_Code
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 controls
-rwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 extensions.dll
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 favicon.ico
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 global.asax
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 index.aspx
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 missing_components.aspx
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 mod-mono-server.exe.config
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 monobutton.png
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 mono.png
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 mono-powered-big.png
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 mono-xsp.css
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 sample.webapp
-rwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 ServiceClient.exe
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 small-icon.png
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 test
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 web.config
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 Web.sitemap
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 xsp.exe.config

4)消息文件状态:

# tail /var/log/messages

Aug 12 12:04:50 shadmin named[1356]: error (network unreachable) resolving 'ns1.isc.ultradns.net/A/IN': 2610:a1:1015::e8#53
Aug 12 12:04:50 shadmin named[1356]: error (network unreachable) resolving 'ns1.isc.ultradns.net/AAAA/IN': 2610:a1:1015::e8#53
Aug 12 13:04:50 shadmin named[1356]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::19#53
Aug 12 13:04:50 shadmin named[1356]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:71::30#53
Aug 12 13:04:50 shadmin named[1356]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:2c::254#53
Aug 12 13:04:51 shadmin named[1356]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::20#53
Aug 12 13:04:51 shadmin named[1356]: error (network unreachable) resolving 'pdns196.ultradns.biz/A/IN': 2001:503:7bbb:ffff:ffff:ffff:ffff:ff7e#53
Aug 12 13:04:51 shadmin named[1356]: error (network unreachable) resolving 'pdns196.ultradns.biz/AAAA/IN': 2001:500:3682::12#53
Aug 12 13:04:51 shadmin named[1356]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2a01:8840:8::1#53
Aug 12 13:04:52 shadmin named[1356]: error (network unreachable) resolving 'pdns196.ultradns.biz/A/IN': 2610:a1:1015::e8#53

5)httpd error_log 状态:

# tail /var/log/httpd/error_log

[Fri Aug 12 12:58:57 2016] [notice] Digest: generating secret for digest authentication ...
[Fri Aug 12 12:58:57 2016] [notice] Digest: done
[Fri Aug 12 12:58:57 2016] [notice] Apache/2.2.15 (Unix) DAV/2 mod_mono/2.10 configured -- resuming normal operations
Listening on: /tmp/mod_mono_server_global
Root directory: /
Listening on: /tmp/mod_mono_server_global
Root directory: /
Error: Address already in use
Listening on: /tmp/mod_mono_server_shadmin.shahu.com
Root directory: /var/www/html/ASP-Portal


注意:我的主机名是shahu.com我将演示 .NET 文件保存在/var/www/html/ASP-门户/
如果我遗漏了什么,请告诉我,谢谢。

答案1

我遇到了这个问题,结果是 .aspx 页面尝试访问的 .dll 文件的符号链接不正确。

答案2

如果我遗漏了什么,请告诉我,谢谢。

您遗漏了一些东西,谢谢。


不清楚你在这里问的是什么。你可以通过将 SELinux 置于宽容模式来排除 SELinux

setenforce 0

如果您遇到相同的问题,则 SELinux 不是问题所在,请在其他地方寻找解决方案。

如果您的问题得到解决,那么 SELinux 就是您痛苦的根源。以宽容的方式运行您的系统以收集 AVC 拒绝。完成此操作后,您应该查看 audit.log 并采取适当的措施。这可能很简单

cat audit.log | audit2allow -M mylocalpolicy
semodule -i mylocalpolicy.pp

或者您可能决定更改一些文件上下文,然后创建本地策略。或者...

相关内容