View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0015680 | CentOS-7 | kernel | public | 2019-01-09 09:37 | 2020-06-01 20:35 |
Reporter | agnaeux | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 7.6.1810 | ||||
Summary | 0015680: SeLinux Kernel (3.10.0-957.1.3) error | ||||
Description | I found an issue with the new kernel which block map access to /dev/zero for the pagespeed module. Here are the log : Audit.log : type=AVC msg=audit(1547031688.122:94): avc: denied { map } for pid=5257 comm="httpd" path="/dev/zero" dev="devtmpfs" ino=1030 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file permissive=0 http error log : [Wed Jan 09 10:24:37.481133 2019] [pagespeed:error] [pid 5429] [mod_pagespeed 1.13.35.2-0 @5429] Failed to mkdir /var/cache/mod_pagespeed/ purge /dBBL9jpbx73YIVsEhxe2.outputlock: No such file or directory audit2allow : # src="httpd_t" tgt="zero_device_t" class="chr_file", perms="map" # comm="httpd" exe="" path="/dev/zero" allow httpd_t zero_device_t:chr_file map; I did not have this issue with the older kernel (3.10.0-862.14.4) | ||||
Steps To Reproduce | Purge the pagespeed cache | ||||
Tags | No tags attached. | ||||
abrt_hash | |||||
URL | |||||
Could it be related to https://bugzilla.redhat.com/show_bug.cgi?id=1700758 ? # ausearch -c 'httpd' --raw | audit2allow -M my-httpd # semodule -X 300 -i my-httpd.pp The above incantations seems do do the trick. |
|
I like to add that if I want to use page speed on Plesk I have to disable SELinux currently. This disables a part of the security of the OS. Can we get an ETA when this can be fixed? I know page speed is technically a feature and not needed to run Plesk or a Web server. Lately, Google search console is measuring page load speed and its feature is slowly becoming more important in the website's world. Has anyone tested CentOS 8 with this? |
|
We don't support systems with Plesk installed at all. However, perhaps you can fix it by reading the following links Useful resources for SELinux: http://wiki.centos.org/HowTos/SELinux | http://wiki.centos.org/TipsAndTricks/SelinuxBooleans | http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/ | http://www.youtube.com/watch?v=bQqX3RWn0Yw | http://opensource.com/business/13/11/selinux-policy-guide | http://freecomputerbooks.com/The-SELinux-Notebook-The-Foundations.html |
|
Hello. I don't use plesk and I experince the same problem. Can you maybe give any suggestion other than disabling selinux? Thank you. [root@centos ~]# uname -msr Linux 3.10.0-1127.8.2.el7.x86_64 x86_64 [root@centos ~]# lsb_release LSB Version: :core-4.1-amd64:core-4.1-noarch [root@centos ~]# lsb_release -a LSB Version: :core-4.1-amd64:core-4.1-noarch Distributor ID: CentOS Description: CentOS Linux release 7.8.2003 (Core) Release: 7.8.2003 Codename: Core [root@centos ~]# |
|
This's the log attached | |
Given that mod_pagespeed is not provided by CentOS, lack of proper built-in support is not much of a surprise. The only way forward is to move this discussion to bugzilla.redhat.com and persuade the RH maintainers of the selinux packages to include support for it. | |
Date Modified | Username | Field | Change |
---|---|---|---|
2019-01-09 09:37 | agnaeux | New Issue | |
2019-04-30 16:19 | leifh | Note Added: 0034408 | |
2019-12-25 12:40 | steamon | Note Added: 0035890 | |
2019-12-26 12:17 | TrevorH | Note Added: 0035896 | |
2020-06-01 19:36 | benyaminl | Note Added: 0037014 | |
2020-06-01 19:59 | benyaminl | File Added: audit+error_log.zip | |
2020-06-01 19:59 | benyaminl | Note Added: 0037015 | |
2020-06-01 20:35 | ManuelWolfshant | Note Added: 0037016 |