SELinux Preventing Apache Start

Solution 1:

List the current security context of the file:

# ls -lrtZ /full/path/to/mod_jk.so

Compare the output with the expected context for that path:

# matchpathcon /full/path/to/mod_jk.so

Restore the expected security context of the file:

# restorecon -v /full/path/to/mod_jk.so

Restart the web server and check for new AVC denials:

# ausearch -m avc -ts recent

Solution 2:

Ran across this same issue on a CentOS 7 machine with HTTPD 2.4. Took me a while, but dug up an old Red Hat bug report from 2007 (https://bugzilla.redhat.com/show_bug.cgi?id=225452) which solved it.

The solution (in my case):

Modify your jk.conf file in /etc/httpd/conf.d/ to write the Shm Files to /var/run/mod_jk instead of /var/log/httpd/mod_jk.shm, e.g.:

JkWorkersFile /etc/httpd/conf.d/workers.properties
JkShmFile     /var/run/mod_jk
JkLogFile     /var/log/httpd/mod_jk.log
JkLogLevel    info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

No need to set SELinux to permissive.

Solution 3:

With this command I am able to run mod_jk in httpd:

# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
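
Added example (not from any of the answers above): a shell function that groups AVC denials by source type, target type, class and permission, so the records returned by the ausearch and grep commands on this page can be read before choosing between relabelling, moving JkShmFile, or building a module. The function names avc_summary and sample_avc_log are assumptions, and the sample records, including the admin_home_t and httpd_log_t labels, are constructed.

```sh
#!/bin/sh
# Added example: group AVC denials so they can be read before acting on them.

# Constructed sample records in audit.log format (not from a real host).
sample_avc_log() {
cat <<'EOF'
type=AVC msg=audit(1500000000.101:201): avc:  denied  { write } for  pid=2101 comm="httpd" name="mod_jk.shm.2101" dev="dm-0" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=file
type=AVC msg=audit(1500000005.102:202): avc:  denied  { write } for  pid=2150 comm="httpd" name="mod_jk.shm.2150" dev="dm-0" ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1500000005.102:202): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1500000009.103:203): avc:  denied  { read } for  pid=2150 comm="httpd" name="mod_jk.so" dev="dm-0" ino=1003 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
EOF
}

# Reads audit records on stdin; prints one line per distinct
# (source type, target type, class, permissions) with a hit count
# and the first object name seen. Non-AVC records are ignored.
avc_summary() {
    awk '
    /^type=AVC / && / denied / {
        perms = ""; src = ""; tgt = ""; cls = ""; obj = "-"
        # Permissions are the words between "{ " and " }".
        if (match($0, /[{] [^}]* [}]/))
            perms = substr($0, RSTART + 2, RLENGTH - 4)
        gsub(/ /, ",", perms)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)      { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            else if ($i ~ /^(name|path)=/) {
                obj = $i; sub(/^[a-z]+=/, "", obj); gsub(/"/, "", obj)
            }
        }
        key = src " " tgt ":" cls " {" perms "}"
        if (!(key in count)) order[++n] = key
        if (!(key in first)) first[key] = obj
        count[key]++
    }
    END {
        for (i = 1; i <= n; i++)
            printf "%d %s e.g. %s\n", count[order[i]], order[i], first[order[i]]
    }'
}

# Demo on the constructed records. On a host, feed it the page's own sources:
#   ausearch -m avc -ts recent | avc_summary
#   grep httpd /var/log/audit/audit.log | avc_summary
sample_avc_log | avc_summary
```

In the constructed sample, the mod_jk.so line is the kind of denial the relabelling in Solution 1 addresses, and the mod_jk.shm lines are the kind the JkShmFile change in Solution 2 addresses.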