Solved: Is SElinux cause of my trouble?

8 posts / 0 new
Last post
#1 Sun, 10/28/2018 - 08:09
TheRavenKing

Solved: Is SElinux cause of my trouble?

Hi All, I am a real newbie, so please forgive I am in the wrong forum or do something not as required:

I have setup a new virtualmin server on ESXi with CentOS v7.5 64 bits, just run the installer script and added some extras with yum as i need the vmware tools running. I got this weird problem that I can't run the phpinfo file I uploaded with the file manager in the new virtual server. all filerights and owner are ok, as the file manger is doing a perfect job, so far I am really pleased with Virtualmin. But, no where in the documentation or any website on the www with install instructions I could find that I needed to disable SElinux before starting an installation. After installation I checked the /etc/selinux/conf file and all rows are marked # I think that means it is allowing running, the errors showing as well that the SElinux policy is enabled. I assumed the installer script is doing this?

When I go to the new website and try to get the php info, there is a blank page when i run it [ url/phpinfo.php ] and these are the only errors I can find. In Virtualmin, Log and Reports, Apache error log, its empty, I tried Apache and MySql restart nothing changed either, these errors where in CSF to view.

I also migrated a cPanel account and had same problem, I have no idea how to fix this...

System Info:
Operating system CentOS Linux 7.5.1804
Perl version 5.016003
Path to Perl /usr/bin/perl
BIND version 9.9
Postfix version 2.10.1
Mail injection command /usr/lib/sendmail -t
Apache version 2.4.6
PHP versions 5.4.16, 7.0.27
Logrotate version 3.8.6
MySQL version 5.5.60-MariaDB
ProFTPD version 1.35
SpamAssassin version 3.4.0
ClamAV version 0.100.2

Sun Oct 28 12:18:13 2018 (9679): Fatal Error Unable to create lock file: Bad file descriptor (9)
Sun Oct 28 12:18:40 2018 (9724): Fatal Error Unable to create lock file: Bad file descriptor (9)
Sun Oct 28 12:21:06 2018 (11221): Fatal Error Unable to create lock file: Bad file descriptor (9)
Sun Oct 28 12:27:03 2018 (15512): Fatal Error Unable to create lock file: Bad file descriptor (9)
Sun Oct 28 12:27:04 2018 (15536): Fatal Error Unable to create lock file: Bad file descriptor (9)
[Sun Oct 28 12:30:57.078777 2018] [mpm_prefork:notice] [pid 64538] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Oct 28 12:30:59.371840 2018] [core:notice] [pid 18340] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sun Oct 28 12:30:59.373490 2018] [suexec:notice] [pid 18340] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Oct 28 12:30:59.423717 2018] [auth_digest:notice] [pid 18340] AH01757: generating secret for digest authentication ...
[Sun Oct 28 12:30:59.425048 2018] [lbmethod_heartbeat:notice] [pid 18340] AH02282: No slotmem from mod_heartmonitor
[Sun Oct 28 12:30:59.478920 2018] [mpm_prefork:notice] [pid 18340] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16 configured -- resuming normal operations
[Sun Oct 28 12:30:59.478966 2018] [core:notice] [pid 18340] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Oct 28 12:36:12.592659 2018] [mpm_prefork:notice] [pid 18340] AH00171: Graceful restart requested, doing restart
[Sun Oct 28 12:36:12.817970 2018] [auth_digest:notice] [pid 18340] AH01757: generating secret for digest authentication ...
[Sun Oct 28 12:36:12.819436 2018] [lbmethod_heartbeat:notice] [pid 18340] AH02282: No slotmem from mod_heartmonitor
Sun, 10/28/2018 - 09:26
Jfro

If so look here in comment about the selinux.

Not virtualmin but ? https://codeit.guru/en_US/2018/10/apache-httpd-2-4-37-tls-1-3-brotli-alp...

Also look how php error logs....

and https://anandarajpandey.com/2016/02/18/solved-fatal-error-unable-to-crea...

or a tmp user rights

Sun, 10/28/2018 - 09:42
TheRavenKing

Thanks, does that mean that Selinux is by default enabled on Virtualmin???

I checked the file limites, but it looks ok to me, enough files:

cat /proc/sys/fs/file-max
380558
Sun, 10/28/2018 - 10:12
andreychek

Howdy,

Hmm, I don't suspect that's an SELinux issue you're seeing, though ensuring it's disabled wouldn't hurt. You can see the current status with "sestatus", and you can temporarily disable it with "setenforce 0".

Are there any limits setup in /etc/security/limits.conf? That might be something to check.

Also, is this a VPS? If so, is it running OpenVZ? If so, can you paste in the contents of your /proc/user_beancounters file? That will show your current resource limits, and whether there's any failures.

You could also try adding in a regular .html file into your public_html folder, and see if that's accessible.

If the .html file works -- it looks like you have two different PHP versions available, you could try switching to a different PHP version for this domain, and see if the other PHP version works.

-Eric

Sun, 10/28/2018 - 10:17
Jfro

https://duckduckgo.com/html?q=Selinux%20is%20by%20default%20enabled%20on... https://github.com/virtualmin/Virtualmin-Config/issues/1

default don't know. CENTOS 7 YUP https://linuxize.com/post/how-to-disable-selinux-on-centos-7/

Check the SELinux Status

To view the current SELinux status and the SELinux policy that is being used on your system you can use the sestatus command
Sun, 10/28/2018 - 12:07
TheRavenKing

@andreychek

It's a VPS on VMware ESXi v5.5 version, no OpenVZ,

SELinux status:                 enabled                                                         
SELinuxfs mount:                /sys/fs/selinux                                                 
SELinux root directory:         /etc/selinux                                                    
Loaded policy name:             targeted                                                        
Current mode:                   permissive                                                      
Mode from config file:          disabled                                                        
Policy MLS status:              enabled                                                         
Policy deny_unknown status:     allowed                                                         
Max kernel policy version:      31

/etc/security/limits.conf this file is empty

Virtualmin comes by default install with 2 PHP versions it seems, swapping is not solving the problem, just to let you know, I migrated a cPanel and that contained a Wordpress website, which works normal. I then deleted the Virtual server, created it again and installed TYPO3 version 4.5 as that requires PHP 5.4 which comes as a option, swapped to that PHP version and was able to install and login this website, it uses the file index.php. an ordinary Index.html file works fine as well. But not my phpinfo.php file with this content.

<?
phpinfo();
?>
Sun, 10/28/2018 - 16:44
TheRavenKing

Sorted, the file as is works fine on cPanel servers, but on Virtualmon the code needs to be:

<?php phpinfo(); ?>


Thanks for everyone who spend time to help me... much appreciated.
Now I need to find how to allow open short tag to avoid cPanel migration issues, I hope it is in one of the templates.

Sun, 10/28/2018 - 21:42
Jfro

This is working on virtualmin BOX ours.

<?php

// Show all information, defaults to INFO_ALL
phpinfo();

?>

That from the first PHp is a configuration you can set somewhere.

Topic locked