无法创建卷影副本 (CopyFile)
描述:HTTP 500。处理请求时出错
在我开始提问之前,下面是我之前的问题的链接,它是 503 错误,通过启用 seboolian 解决 httpd_execmem:
当 SELinux 强制执行时 Mono 崩溃,如何让 Mono 服务器在 SELinux 强制执行时工作?
现在,我被困住了——
1)当我尝试访问.aspx页面时:
# elinks --dump 127.0.0.1/ASP-Portal/index.aspx
Server Error in '/ASP-Portal' Application
Failed to create shadow copy (CopyFile).
Description: HTTP 500. Error processing request.
Stack Trace:
System.ExecutionEngineException: Failed to create shadow copy (CopyFile).
at (wrapper managed-to-native) System.Reflection.Assembly:LoadFrom (string,bool)
at System.Reflection.Assembly.LoadFrom (System.String assemblyFile) [0x00000] in <filename unknown>:0
at System.Web.Compilation.BuildManager.LoadAssembly (System.String path, System.Collections.Generic.List`1 al) [0x00000] in <filename unknown>:0
at System.Web.Compilation.BuildManager.GetReferencedAssemblies () [0x00000] in <filename unknown>:0
at System.Web.Compilation.AssemblyBuilder.BuildAssembly (System.Web.VirtualPath virtualPath, System.CodeDom.Compiler.CompilerParameters options) [0x00000] in <filename unknown>:0
at System.Web.Compilation.AssemblyBuilder.BuildAssembly (System.CodeDom.Compiler.CompilerParameters options) [0x00000] in <filename unknown>:0
at System.Web.Compilation.AppCodeAssembly.Build (System.String[] binAssemblies) [0x00000] in <filename unknown>:0
at System.Web.Compilation.AppCodeCompiler.Compile () [0x00000] in <filename unknown>:0
at System.Web.HttpApplicationFactory.InitType (System.Web.HttpContext context) [0x00000] in <filename unknown>:0
Version information: Mono Runtime Version: 2.10.2 (tarball Mon Aug 8
13:09:50 IST 2016); ASP.NET Version: 2.0.50727.1433
2)audit.log状态:
# cat /var/log/audit/audit.log | audit2allow
#============= httpd_sys_script_t ==============
#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t inotifyfs_t:dir read;
#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t self:process execmem;
allow httpd_sys_script_t tmp_t:file { write getattr };
allow httpd_sys_script_t tmpfs_t:dir read;
allow httpd_sys_script_t tmpfs_t:filesystem getattr;
#============= httpd_t ==============
#!!!! This avc is allowed in the current policy
allow httpd_t httpd_sys_rw_content_t:sock_file unlink;
allow httpd_t self:capability { sys_admin ipc_owner };
#============= xdm_t ==============
#!!!! This avc can be allowed using the boolean 'allow_polyinstantiation'
allow xdm_t admin_home_t:dir read;
allow xdm_t admin_home_t:file read;
3)mono-project.com 提供的我存储测试 ASP.NET 文件的目录和文件上下文
# ls -Z /var/www/html/ASP-Portal/
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 1.1
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 2.0
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 App_Code
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 controls
-rwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 extensions.dll
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 favicon.ico
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 global.asax
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 index.aspx
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 missing_components.aspx
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 mod-mono-server.exe.config
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 monobutton.png
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 mono.png
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 mono-powered-big.png
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 mono-xsp.css
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 sample.webapp
-rwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 ServiceClient.exe
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 small-icon.png
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 test
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 web.config
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 Web.sitemap
-rw-r--r--. root root system_u:object_r:httpd_sys_rw_content_t:s0 xsp.exe.config
4)消息文件状态:
# tail /var/log/messages
Aug 12 12:04:50 shadmin named[1356]: error (network unreachable) resolving 'ns1.isc.ultradns.net/A/IN': 2610:a1:1015::e8#53
Aug 12 12:04:50 shadmin named[1356]: error (network unreachable) resolving 'ns1.isc.ultradns.net/AAAA/IN': 2610:a1:1015::e8#53
Aug 12 13:04:50 shadmin named[1356]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::19#53
Aug 12 13:04:50 shadmin named[1356]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:71::30#53
Aug 12 13:04:50 shadmin named[1356]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:2c::254#53
Aug 12 13:04:51 shadmin named[1356]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::20#53
Aug 12 13:04:51 shadmin named[1356]: error (network unreachable) resolving 'pdns196.ultradns.biz/A/IN': 2001:503:7bbb:ffff:ffff:ffff:ffff:ff7e#53
Aug 12 13:04:51 shadmin named[1356]: error (network unreachable) resolving 'pdns196.ultradns.biz/AAAA/IN': 2001:500:3682::12#53
Aug 12 13:04:51 shadmin named[1356]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2a01:8840:8::1#53
Aug 12 13:04:52 shadmin named[1356]: error (network unreachable) resolving 'pdns196.ultradns.biz/A/IN': 2610:a1:1015::e8#53
5)httpd error_log 状态:
# tail /var/log/httpd/error_log
[Fri Aug 12 12:58:57 2016] [notice] Digest: generating secret for digest authentication ...
[Fri Aug 12 12:58:57 2016] [notice] Digest: done
[Fri Aug 12 12:58:57 2016] [notice] Apache/2.2.15 (Unix) DAV/2 mod_mono/2.10 configured -- resuming normal operations
Listening on: /tmp/mod_mono_server_global
Root directory: /
Listening on: /tmp/mod_mono_server_global
Root directory: /
Error: Address already in use
Listening on: /tmp/mod_mono_server_shadmin.shahu.com
Root directory: /var/www/html/ASP-Portal
注意:我的主机名是shahu.com我将演示 .NET 文件保存在/var/www/html/ASP-门户/
如果我遗漏了什么,请告诉我,谢谢。
答案1
我遇到了这个问题,结果是 .aspx 页面尝试访问的 .dll 文件的符号链接不正确。
答案2
如果我遗漏了什么,请告诉我,谢谢。
您遗漏了一些东西,谢谢。
不清楚你在这里问的是什么。你可以通过将 SELinux 置于宽容模式来排除 SELinux
setenforce 0
如果您遇到相同的问题,则 SELinux 不是问题所在,请在其他地方寻找解决方案。
如果您的问题得到解决,那么 SELinux 就是您痛苦的根源。以宽容的方式运行您的系统以收集 AVC 拒绝。完成此操作后,您应该查看 audit.log 并采取适当的措施。这可能很简单
cat audit.log | audit2allow -M mylocalpolicy
semodule -i mylocalpolicy.pp
或者您可能决定更改一些文件上下文,然后创建本地策略。或者...