[英]Boot Apache with Passenger/mod_rails successfully when Fedora starts up
[英]Passenger/mod_rails fails to initialize in Fedora 12 when starting Apache
我正在使用Passenger設置服務器以在Fedora 12上運行Ruby on Rails應用程序。
我正處於安裝Passenger的階段,按規定進行設置,但在重新啟動Apache時出現以下錯誤:
[Wed Jan 13 15:41:38 2010] [notice] caught SIGTERM, shutting down
[Wed Jan 13 15:41:40 2010] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Jan 13 15:41:40 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
[Wed Jan 13 15:41:40 2010] [notice] Digest: generating secret for digest authentication ...
[Wed Jan 13 15:41:40 2010] [notice] Digest: done
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
[Wed Jan 13 15:41:40 2010] [error] python_init: Python version mismatch, expected '2.6', found '2.6.2'.
[Wed Jan 13 15:41:40 2010] [error] python_init: Python executable found '/usr/bin/python'.
[Wed Jan 13 15:41:40 2010] [error] python_init: Python path being used '/usr/lib/python26.zip:/usr/lib/python2.6/:/usr/lib/python2.6/plat-linux2:/usr/lib/python2.6/lib-tk:/usr/lib/python2.6/lib-old:/usr/lib/python2.6/lib-dynload'.
[Wed Jan 13 15:41:40 2010] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Wed Jan 13 15:41:40 2010] [notice] mod_python: using mutex_directory /tmp
[Wed Jan 13 15:41:40 2010] [notice] Apache/2.2.14 (Unix) DAV/2 Phusion_Passenger/2.2.9 PHP/5.3.0 mod_python/3.3.1 Python/2.6.2 mod_ssl/2.2.14 OpenSSL/1.0.0-fips-beta3 mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
如您所見,Passenger嘗試初始化時存在權限問題:
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
當Apache啟動時,它會在/ tmp中創建一個文件:
d-ws--x--x. 2 root root 4096 2010-01-13 16:04 passenger.26117
如果我通過直接使用mongrel_rails start -e production
mongrel來運行應用程序,我會看到以下內容:
ActiveRecord::StatementInvalid (Mysql::Error: Can't create/write to file '/tmp/#sql_5d3_0.MYI' (Errcode: 13): SHOW FIELDS FROM `users`):
同樣,錯誤指向/ tmp目錄的權限問題。
我不知道解決方案是什么。 我不確定它是否與簡單的目錄權限或Fedora的SELinux安全性有關。
任何幫助,將不勝感激。 謝謝。
我和Fred做了同樣的事情,不過一次只做一次錯誤:
setenforce 0
進入許可模式 grep httpd /var/log/audit/audit.log | audit2allow -M passenger
grep httpd /var/log/audit/audit.log | audit2allow -M passenger
semodule -i passenger.pp
setenforce 1
返回執行模式 請注意,這基本上是Centos SELinux幫助程序的一個具體示例 - 請查看它。
我在CentOS 5.4中遇到了同樣的問題,SELinux妨礙了Passenger。
將PassengerTempDir設置為/ var / run / passenger只會在新目錄中提供相同的權限錯誤,而不是/ tmp:
[Mon Feb 22 11:42:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create directory '/var/run/passenger/passenger.3686'
然后我可以更改/ var / run / passenger的安全上下文以通過此錯誤:
chcon -R -h -t httpd_sys_content_t /var/run/passenger/
...那讓Passenger創建臨時目錄,但不能創建該目錄中的文件:
[Mon Feb 22 12:07:06 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /var/run/passenger/passenger.3686/.guard: Permission denied (13)
奇怪的是,再次運行遞歸chcon並沒有超過這個錯誤,它在這一點上一直在死,這就是我的SELinux知識變得模糊的地方。
Phusion Passenger指南第6.3.5和6.3.7節有一些有用的想法,但它們似乎並沒有完全解決問題。
您需要的不僅僅是httpd_sys_content_t權限。 我使用以下技術來開始:
tail -f /var/log/audit/audit.log
apachectl restart
cd /tmp
tail -1 /var/log/audit/audit.log | audit2allow -M httpdfifo
tail -1 /var/log/audit/audit.log | audit2allow -M httpdfifo
semodule -i httpdfifo.pp
在啟動之前運行setenforce 0
將讓您測試它是否是SELinux。 不要忘記之后運行setenforce 1
。
我嘗試了Dan Sketcher和Fred Appleman的建議,即重復以下內容:
yum install setroubleshoot
echo > /var/log/audit/audit.log # clear irrelevant errors
cd ~
service httpd restart # try booting passenger -- audit.log now shows the relevant permission errors
tail -f /var/log/httpd/error_log # check that passenger is still failing due to permission errors
sealert -a /var/log/audit/audit.log > selinux-diag.txt # translate the permission errors
# read and check that you are happy with selinux-diag.txt
# and either follow its specific advice, or if it just wants you to grep into audit2allow, then:
cat /var/log/audit/audit.log | audit2allow -M mypol # grant everything just denied
semodule -i mypol.p # commit new permissions
但這樣做的5〜6倍后,我一直來面對新的錯誤, 以及一些同樣的錯誤圍上來即使我曾試圖使他們與“audit2allow”。
最后我關閉了SELinux,其中包括:
echo 0 >/selinux/enforce
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.