Boot Apache with Passenger/mod_rails successfully when Fedora starts up
Passenger/mod_rails fails to initialize in Fedora 12 when starting Apache
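I am setting up a server with Passenger to run Ruby on Rails applications on Fedora 12.
I am at the stage of installing Passenger and setting it up as prescribed, but I get the following errors when restarting Apache: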
[Wed Jan 13 15:41:38 2010] [notice] caught SIGTERM, shutting down
[Wed Jan 13 15:41:40 2010] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Jan 13 15:41:40 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
[Wed Jan 13 15:41:40 2010] [notice] Digest: generating secret for digest authentication ...
[Wed Jan 13 15:41:40 2010] [notice] Digest: done
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
[Wed Jan 13 15:41:40 2010] [error] python_init: Python version mismatch, expected '2.6', found '2.6.2'.
[Wed Jan 13 15:41:40 2010] [error] python_init: Python executable found '/usr/bin/python'.
[Wed Jan 13 15:41:40 2010] [error] python_init: Python path being used '/usr/lib/python26.zip:/usr/lib/python2.6/:/usr/lib/python2.6/plat-linux2:/usr/lib/python2.6/lib-tk:/usr/lib/python2.6/lib-old:/usr/lib/python2.6/lib-dynload'.
[Wed Jan 13 15:41:40 2010] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Wed Jan 13 15:41:40 2010] [notice] mod_python: using mutex_directory /tmp
[Wed Jan 13 15:41:40 2010] [notice] Apache/2.2.14 (Unix) DAV/2 Phusion_Passenger/2.2.9 PHP/5.3.0 mod_python/3.3.1 Python/2.6.2 mod_ssl/2.2.14 OpenSSL/1.0.0-fips-beta3 mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
As you can see, there is a permissions problem when Passenger tries to initialize:
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
When Apache starts up, it creates a file in /tmp:
d-ws--x--x. 2 root root 4096 2010-01-13 16:04 passenger.26117
If I run the application directly with mongrel, using mongrel_rails start -e production, I see the following:
ActiveRecord::StatementInvalid (Mysql::Error: Can't create/write to file '/tmp/#sql_5d3_0.MYI' (Errcode: 13): SHOW FIELDS FROM `users`):
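Again, the error points to a permissions problem with the /tmp directory.
I don't know what the solution is. I'm not sure whether it has to do with simple directory permissions or with Fedora's SELinux security.
Any help would be appreciated. Thanks.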
I did the same thing as Fred, but only one error at a time:
setenforce 0 # enter permissive mode
grep httpd /var/log/audit/audit.log | audit2allow -M passenger
semodule -i passenger.pp
setenforce 1 # return to enforcing mode
Note that this is basically a specific example of the CentOS SELinux help - check it out.
I ran into the same problem on CentOS 5.4, with SELinux getting in the way of Passenger.
Setting PassengerTempDir to /var/run/passenger just gives the same permission error in the new directory instead of /tmp:
[Mon Feb 22 11:42:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create directory '/var/run/passenger/passenger.3686'
I could then change the security context of /var/run/passenger to get past this error:
chcon -R -h -t httpd_sys_content_t /var/run/passenger/
...which lets Passenger create the temporary directory, but not the files inside that directory:
[Mon Feb 22 12:07:06 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /var/run/passenger/passenger.3686/.guard: Permission denied (13)
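Oddly, running the recursive chcon again does not get past this error; it keeps dying at this point, and this is where my SELinux knowledge gets hazy.
Sections 6.3.5 and 6.3.7 of the Phusion Passenger guide have some useful ideas, but they don't seem to quite solve the problem.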
You need more than just the httpd_sys_content_t permission. I used the following technique to get started:
tail -f /var/log/audit/audit.log
apachectl restart
cd /tmp
tail -1 /var/log/audit/audit.log | audit2allow -M httpdfifo
semodule -i httpdfifo.pp
Running setenforce 0 before starting will let you test whether it is SELinux. Don't forget to run setenforce 1 afterwards.
I tried Dan Sketcher's and Fred Appleman's suggestions, i.e. repeating the following:
yum install setroubleshoot
echo > /var/log/audit/audit.log # clear irrelevant errors
cd ~
service httpd restart # try booting passenger -- audit.log now shows the relevant permission errors
tail -f /var/log/httpd/error_log # check that passenger is still failing due to permission errors
sealert -a /var/log/audit/audit.log > selinux-diag.txt # translate the permission errors
# read and check that you are happy with selinux-diag.txt
# and either follow its specific advice, or if it just wants you to grep into audit2allow, then:
cat /var/log/audit/audit.log | audit2allow -M mypol # grant everything just denied
semodule -i mypol.pp # commit new permissions
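But after doing this 5 to 6 times, I kept running into new errors, and some of the same errors kept coming back even though I had tried to allow them with "audit2allow".
In the end I turned SELinux off, with: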
echo 0 >/selinux/enforce
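The answers above pipe audit.log into audit2allow and load whatever module comes out. As an added example (not part of any answer on this page), the following Python script parses AVC denial records and prints the deduplicated allow rules for one source domain, so the grants can be reviewed before running semodule -i. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (not taken from the page).
SAMPLE_LOG = """\
type=AVC msg=audit(1263397300.101:410): avc:  denied  { create } for  pid=25235 comm="httpd" name=".guard" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_tmp_t:s0 tclass=fifo_file
type=AVC msg=audit(1263397301.202:411): avc:  denied  { create } for  pid=25236 comm="httpd" name=".guard" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_tmp_t:s0 tclass=fifo_file
type=AVC msg=audit(1263397302.303:412): avc:  denied  { read write } for  pid=25240 comm="httpd" name=".guard" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=fifo_file
type=AVC msg=audit(1263397303.404:413): avc:  denied  { write } for  pid=1491 comm="mysqld" name="tmp" scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1263397303.404:413): arch=40000003 syscall=5 success=no exit=-13 comm="mysqld"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def sel_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize_denials(log_text, source_domain=None):
    """Group AVC denials by (source type, target type, class) -> set of perms."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if not m:
            continue
        src = sel_type(m.group("s"))
        if source_domain and src != source_domain:
            continue
        key = (src, sel_type(m.group("t")), m.group("cls"))
        rules[key].update(m.group("perms").split())
    return rules

def as_allow_rules(rules):
    """Render grouped denials as the allow statements a policy module would need."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return out

if __name__ == "__main__":
    for rule in as_allow_rules(summarize_denials(SAMPLE_LOG, "httpd_t")):
        print(rule)
```

Filtering on the source type rather than on the string "httpd" keeps unrelated denials out of the module, and calling summarize_denials without a domain shows denials from other processes that a grep for httpd would miss.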