Ruby on rails 乘客/mod_rails在启动Apache时无法在Fedora 12中初始化
我正在使用Passenger设置服务器,在Fedora12上运行RubyonRails应用程序 我已经安装了Passenger,并按照规定进行了设置,但在重新启动Apache时出现以下错误:Ruby on rails 乘客/mod_rails在启动Apache时无法在Fedora 12中初始化,ruby-on-rails,passenger,fedora,mod-rails,Ruby On Rails,Passenger,Fedora,Mod Rails,我正在使用Passenger设置服务器,在Fedora12上运行RubyonRails应用程序 我已经安装了Passenger,并按照规定进行了设置,但在重新启动Apache时出现以下错误: [Wed Jan 13 15:41:38 2010] [notice] caught SIGTERM, shutting down [Wed Jan 13 15:41:40 2010] [notice] SELinux policy enabled; httpd running as context unc
[Wed Jan 13 15:41:38 2010] [notice] caught SIGTERM, shutting down
[Wed Jan 13 15:41:40 2010] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Jan 13 15:41:40 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
[Wed Jan 13 15:41:40 2010] [notice] Digest: generating secret for digest authentication ...
[Wed Jan 13 15:41:40 2010] [notice] Digest: done
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
[Wed Jan 13 15:41:40 2010] [error] python_init: Python version mismatch, expected '2.6', found '2.6.2'.
[Wed Jan 13 15:41:40 2010] [error] python_init: Python executable found '/usr/bin/python'.
[Wed Jan 13 15:41:40 2010] [error] python_init: Python path being used '/usr/lib/python26.zip:/usr/lib/python2.6/:/usr/lib/python2.6/plat-linux2:/usr/lib/python2.6/lib-tk:/usr/lib/python2.6/lib-old:/usr/lib/python2.6/lib-dynload'.
[Wed Jan 13 15:41:40 2010] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Wed Jan 13 15:41:40 2010] [notice] mod_python: using mutex_directory /tmp
[Wed Jan 13 15:41:40 2010] [notice] Apache/2.2.14 (Unix) DAV/2 Phusion_Passenger/2.2.9 PHP/5.3.0 mod_python/3.3.1 Python/2.6.2 mod_ssl/2.2.14 OpenSSL/1.0.0-fips-beta3 mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
d-ws--x--x. 2 root root 4096 2010-01-13 16:04 passenger.26117
mongrel\u rails start-e production直接启动mongrel来运行应用程序,我会看到以下内容:
ActiveRecord::StatementInvalid (Mysql::Error: Can't create/write to file '/tmp/#sql_5d3_0.MYI' (Errcode: 13): SHOW FIELDS FROM `users`):
yum install setroubleshoot
echo > /var/log/audit/audit.log # clear irrelevant errors
cd ~
service httpd restart # try booting passenger -- audit.log now shows the relevant permission errors
tail -f /var/log/httpd/error_log # check that passenger is still failing due to permission errors
sealert -a /var/log/audit/audit.log > selinux-diag.txt # translate the permission errors
# read and check that you are happy with selinux-diag.txt
# and either follow its specific advice, or if it just wants you to grep into audit2allow, then:
cat /var/log/audit/audit.log | audit2allow -M mypol # grant everything just denied
semodule -i mypol.p # commit new permissions
错误再次指向/tmp目录的权限问题
我不知道解决办法是什么。我不确定这是否仅仅与目录权限或Fedora的SELinux安全性有关
任何帮助都将不胜感激。谢谢。在启动前运行setEnforce0
可以让您测试它是否为SELinux。不要忘记在之后运行setEnforce1
。我在CentOS 5.4中遇到了同样的问题,SELinux妨碍了乘客
将PassengerTempDir设置为/var/run/passenger只会在新目录而不是/tmp中出现相同的权限错误:
[Mon Feb 22 11:42:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create directory '/var/run/passenger/passenger.3686'
然后,我可以更改/var/run/passenger的安全上下文以克服此错误:
chcon -R -h -t httpd_sys_content_t /var/run/passenger/
…这允许Passenger创建临时目录,但不能创建该目录中的文件:
[Mon Feb 22 12:07:06 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /var/run/passenger/passenger.3686/.guard: Permission denied (13)
奇怪的是,再次运行递归chcon并没有克服这个错误,它一直在这一点上消失,这就是我的SELinux知识变得模糊的地方
第6.3.5节和第6.3.7节有一些有用的想法,但它们似乎不能完全解决问题。您需要的不仅仅是httpd系统内容许可。我使用以下技术开始工作:
- 在审计日志上开始一个尾部:
tail-f/var/log/audit/audit.log
- 重新加载apache:
apachectl重新启动
- 转到/tmp/目录:
cd/tmp
- 如果只添加了一行,请使用命令:
tail-1/var/log/audit/audit.log | audit2allow-M httpdfinfo
- 请注意,名称“httpdfifo”只是一个用来反映已观察到的错误类型的名称
- 这将创建一个名为“httpdfinfo.pp”的文件。要允许apache在发出命令后从此处创建FIFO:
semodule-i httpdfinfo.pp
- 继续执行此操作,直到所有审核错误都已解决(在运行Centos 5.4的系统上需要4种不同的权限)
我和弗雷德做的一样,只是一次只做一个错误:
通过运行setEnforce0进入许可模式
重新启动apache,点击您的站点,像往常一样使用它一段时间
运行grep httpd/var/log/audit/audit.log | audit2allow-M passenger
semodule-i passenger.pp
通过运行setEnforce1
重新启动apache并测试您的站点-希望它能像以前一样工作
请注意,这基本上是帮助中程序的一个具体示例-请查看。我尝试了Dan Sketcher和Fred Appleman的建议,即重复以下步骤:
ActiveRecord::StatementInvalid (Mysql::Error: Can't create/write to file '/tmp/#sql_5d3_0.MYI' (Errcode: 13): SHOW FIELDS FROM `users`):
yum install setroubleshoot
echo > /var/log/audit/audit.log # clear irrelevant errors
cd ~
service httpd restart # try booting passenger -- audit.log now shows the relevant permission errors
tail -f /var/log/httpd/error_log # check that passenger is still failing due to permission errors
sealert -a /var/log/audit/audit.log > selinux-diag.txt # translate the permission errors
# read and check that you are happy with selinux-diag.txt
# and either follow its specific advice, or if it just wants you to grep into audit2allow, then:
cat /var/log/audit/audit.log | audit2allow -M mypol # grant everything just denied
semodule -i mypol.p # commit new permissions
但在这样做了5到6次之后,我不断遇到新的错误,甚至在我尝试使用“audit2allow”允许它们之后,仍然出现了一些相同的错误
最后,我关闭了SELinux,并使用:
echo 0 >/selinux/enforce
非常感谢。看起来像是塞利努克斯。在重新启动Apache之前运行setEnforce0
,导致应用程序运行。有什么我可以看不禁用SELinux,我认为这不是一个好主意,禁用,但让我的应用程序运行,使其启用?<代码> Audit2>为什么和<代码> AudiT2Alp允许可以帮助你想出一个SELinux政策,允许访问,但我会考虑把文件放在别处,例如/ var /运行/乘客,还有,我想您是在建议将Apache配置中应用程序虚拟主机中的PassengerTempDir设置为/var/run/passer。乘客:珀特:基本上我也在那里。最后,我关闭了SELinux以使事情正常进行。不太理想,但现在可以。我得出了完全相同的结论。