httpd running as context unconfined_u:system_r:httpd_t:s0 (SELinux is in Permissive)
9,573
I was able to locate actual issue here...
[Thu Nov 03 10:16:37 2016] [error] Unable to configure RSA server private key
[Thu Nov 03 10:16:37 2016] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
after I restored backup of ssl key, httpd
starts without any issues)
Related videos on Youtube
Author by
alexus
Consulting | alexus.biz Dmitry Chorine | LinkedIn a1exus (a1exus) on Twitter Verify a Red Hat Certified Professional | redhat.com
Updated on September 18, 2022Comments
-
alexus over 1 year
I'm experiencing an issue starting
httpd
:# service httpd status httpd is stopped # service httpd start Starting httpd: [Tue Nov 01 12:02:53 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0 [FAILED] # tail /var/log/httpd/error_log [Tue Nov 01 12:59:57 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0 [Tue Nov 01 13:00:11 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [Tue Nov 01 13:00:11 2016] [info] Init: Initialized OpenSSL library [Tue Nov 01 13:00:49 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0 [Tue Nov 01 13:05:15 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [Tue Nov 01 13:05:15 2016] [info] Init: Initialized OpenSSL library [Tue Nov 01 14:38:56 2016] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0 [Tue Nov 01 14:40:38 2016] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0 [Tue Nov 01 14:59:55 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0 [Tue Nov 01 15:00:40 2016] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0 # cat /var/log/httpd/error_log | grep -v 'SELinux policy enabled' [Tue Nov 01 12:30:07 2016] [info] Init: Initialized OpenSSL library [Tue Nov 01 12:30:52 2016] [info] Init: Initialized OpenSSL library [Tue Nov 01 12:31:17 2016] [info] Init: Initialized OpenSSL library [Tue Nov 01 12:31:35 2016] [info] Init: Initialized OpenSSL library [Tue Nov 01 12:31:43 2016] [info] Init: Initialized OpenSSL library [Tue Nov 01 12:32:10 2016] [info] Init: Initialized OpenSSL library [Tue Nov 01 12:38:22 2016] [info] Init: Initialized OpenSSL library [Tue Nov 01 13:00:11 2016] [info] Init: Initialized OpenSSL library [Tue Nov 01 13:05:15 2016] [info] Init: Initialized OpenSSL library # getenforce Permissive # httpd -t Syntax OK # httpd -e debug -k start [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module authz_host_module [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module log_config_module [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module setenvif_module [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module mime_module [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module autoindex_module [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module negotiation_module [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module dir_module [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module alias_module [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module rewrite_module [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module proxy_module [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module proxy_http_module [Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module ssl_module # echo $? 1 # run_init service httpd start Authenticating root. Password: Starting httpd: [FAILED] #
My environment:
# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.8 (Santiago) # uname -a Linux X 2.6.32-642.6.1.el6.x86_64 #1 SMP Thu Aug 25 12:42:19 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux # rpm -q httpd httpd-2.2.15-54.el6_8.x86_64 #
Please advice.
-
Admin over 7 years@derfk I'm going try to bump logging to debug and get exact message where it fails, however since
SELinux
is inPermissive
, it shouldn't fail due toSELinux
. -
Admin over 7 yearsOn RHEL 6 and earlier, when manually starting services you need to use
run_init
to start services with the correct SELinux contexts, e.g.run_init service httpd restart
. This is no longer required beginning with RHEL 7. But I suspect whatever your problem is probably isn't related to SELinux. -
Admin over 7 years@MichaelHampton I updated my question with output with
run_init
, but I agree, I don't think it'sSELinux
related. -
Admin over 7 yearsAs you see, that cleared the SELinux notice, but it's still failing to start. What else is in the apache logs?
-
Admin over 7 years@MichaelHampton last message is same as before
SELinux policy enabled
. -
Admin over 7 yearsWhat else is in the apache logs?
-