启动Apache时,Passenger / mod_rails无法在Fedora 12中初始化

时间:2010-01-13 05:02:17

标签: ruby-on-rails passenger fedora mod-rails

我正在使用Passenger设置服务器以在Fedora 12上运行Ruby on Rails应用程序。

我正处于安装Passenger的阶段,按规定进行设置,但在重启Apache时出现以下错误:

[Wed Jan 13 15:41:38 2010] [notice] caught SIGTERM, shutting down
[Wed Jan 13 15:41:40 2010] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Jan 13 15:41:40 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
[Wed Jan 13 15:41:40 2010] [notice] Digest: generating secret for digest authentication ...
[Wed Jan 13 15:41:40 2010] [notice] Digest: done
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
[Wed Jan 13 15:41:40 2010] [error] python_init: Python version mismatch, expected '2.6', found '2.6.2'.
[Wed Jan 13 15:41:40 2010] [error] python_init: Python executable found '/usr/bin/python'.
[Wed Jan 13 15:41:40 2010] [error] python_init: Python path being used '/usr/lib/python26.zip:/usr/lib/python2.6/:/usr/lib/python2.6/plat-linux2:/usr/lib/python2.6/lib-tk:/usr/lib/python2.6/lib-old:/usr/lib/python2.6/lib-dynload'.
[Wed Jan 13 15:41:40 2010] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Wed Jan 13 15:41:40 2010] [notice] mod_python: using mutex_directory /tmp 
[Wed Jan 13 15:41:40 2010] [notice] Apache/2.2.14 (Unix) DAV/2 Phusion_Passenger/2.2.9 PHP/5.3.0 mod_python/3.3.1 Python/2.6.2 mod_ssl/2.2.14 OpenSSL/1.0.0-fips-beta3 mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations

如您所见,Passenger尝试初始化时存在权限问题:

[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)

当Apache启动时,它会在/ tmp:

中创建一个文件 
d-ws--x--x. 2 root  root  4096 2010-01-13 16:04 passenger.26117

如果我通过直接用mongrel_rails start -e production启动 mongrel 来运行应用程序,我会看到以下内容:

ActiveRecord::StatementInvalid (Mysql::Error: Can't create/write to file '/tmp/#sql_5d3_0.MYI' (Errcode: 13): SHOW FIELDS FROM `users`):

此错误再次指向 / tmp 目录的权限问题。

我不知道解决方案是什么。我不确定它是否与简单的目录权限或Fedora的SELinux安全性有关。

任何帮助将不胜感激。感谢。

5 个答案:

答案 0 :(得分:13)

我和Fred做了同样的事情,除了不是一次只做一次错误:

  1. 运行setenforce 0
    2. 进入许可模式
  2. 重新启动apache,点击您的网站并正常使用
  3. 运行grep httpd /var/log/audit/audit.log | audit2allow -M passenger
  4. semodule -i passenger.pp
  5. 运行setenforce 1
    6. 返回执行模式
  6. 重启apache并测试你的网站 - 希望它一切都像以前一样工作!

    7. 请注意,这基本上是Centos SELinux帮助程序的具体示例 - 请查看。

答案 1 :(得分:3)

我在CentOS 5.4中遇到同样的问题,SELinux妨碍了Passenger。

将PassengerTempDir设置为/ var / run / passenger只会在新目录中提供相同的权限错误,而不是/ tmp:

[Mon Feb 22 11:42:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create directory '/var/run/passenger/passenger.3686'

然后我可以更改/ var / run / passenger的安全上下文以通过此错误:

chcon -R -h -t httpd_sys_content_t /var/run/passenger/

...让Passenger创建临时目录,但不创建该目录中的文件:

[Mon Feb 22 12:07:06 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /var/run/passenger/passenger.3686/.guard: Permission denied (13)

奇怪的是,再次运行递归chcon并没有超过这个错误,它在这一点上一直在死,这就是我的SELinux知识变得模糊的地方。

Phusion Passenger guide部分6.3.5和6.3.7有一些有用的想法,但它们似乎并没有完全解决问题。

答案 2 :(得分:3)

您需要的不仅仅是httpd_sys_content_t权限。我使用以下技术来开始:

  • 在审核日志上开始尾随:tail -f /var/log/audit/audit.log
  • 重新加载apache:apachectl restart
  • 转到/ tmp /目录:cd /tmp
  • 如果仅添加一行,请使用命令:tail -1 /var/log/audit/audit.log | audit2allow -M httpdfifo
  • 请注意,名称“httpdfifo”只是一个名称,用于反映已观察到的错误类型。
  • 这将创建一个名为“httpdfifo.pp”的文件。在必须发出命令后,允许apache从此处创建FIFO:semodule -i httpdfifo.pp
  • 继续执行此操作,直到所有审核错误都得到解决(我的系统运行Centos 5.4需要4种不同的权限)

答案 3 :(得分:2)

在开始之前运行setenforce 0将让您测试它是否是SELinux。不要忘记之后运行setenforce 1

答案 4 :(得分:0)

我尝试了Dan Sketcher和Fred Appleman建议的内容,即重复以下内容:

yum install setroubleshoot
echo > /var/log/audit/audit.log # clear irrelevant errors
cd ~
service httpd restart # try booting passenger -- audit.log now shows the relevant permission errors
tail -f /var/log/httpd/error_log # check that passenger is still failing due to permission errors
sealert -a /var/log/audit/audit.log > selinux-diag.txt # translate the permission errors
# read and check that you are happy with selinux-diag.txt 
# and either follow its specific advice, or if it just wants you to grep into audit2allow, then:
cat /var/log/audit/audit.log | audit2allow -M mypol  # grant everything just denied
semodule -i mypol.p # commit new permissions

但是在做了5到6次之后,我不断遇到新的错误,甚至在我尝试使用“audit2allow”允许它们之后出现了一些相同的错误。

最后我关闭了SELinux,其中包括:

echo 0 >/selinux/enforce
相关问题
最新问题