suexec configured to run under /var/www ...

I found it:
System Settings ->

when I start apache I get this message:

Failed to start service :
Starting httpd: [FAILED]

and then in my setroubleshoot browser I get this:

Summary:

SELinux is preventing httpd (httpd_t) "append" to ./newblueworld.com_error_log
(var_log_t).

Detailed Description:

SELinux is preventing httpd (httpd_t) “append” to ./newblueworld.com_error_log
(var_log_t). The SELinux type var_log_t, is a generic type for all files in the
directory and very few processes (SELinux Domains) are allowed to write to this
SELinux type. This type of denial usual indicates a mislabeled file. By default
a file created in a directory has the gets the context of the parent directory,
but SELinux policy has rules about the creation of directories, that say if a
process running in one SELinux Domain (D1) creates a file in a directory with a
particular SELinux File Context (F1) the file gets a different File Context
(F2). The policy usually allows the SELinux Domain (D1) the ability to write,
unlink, and append on (F2). But if for some reason a file
(./newblueworld.com_error_log) was created with the wrong context, this domain
will be denied. The usual solution to this problem is to reset the file context
on the target file, restorecon -v ‘./newblueworld.com_error_log’. If the file
context does not change from var_log_t, then this is probably a bug in policy.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against the selinux-policy package. If it does change, you can try your
application again to see if it works. The file context could have been
mislabeled by editing the file or moving the file from a different directory, if
the file keeps getting mislabeled, check the init scripts to see if they are
doing something to mislabel the file.

Allowing Access:

You can attempt to fix file context by executing restorecon -v
‘./newblueworld.com_error_log’

Fix Command:

restorecon ‘./newblueworld.com_error_log’

Additional Information:

Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:var_log_t:s0
Target Objects ./newblueworld.com_error_log [ file ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host seatechproducts.net
Source RPM Packages httpd-2.2.8-3
Target RPM Packages
Policy RPM selinux-policy-3.3.1-121.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name mislabeled_file
Host Name seatechproducts.net
Platform Linux seatechproducts.net 2.6.25.11-97.fc9.i686 #1
SMP Mon Jul 21 01:31:09 EDT 2008 i686 i686
Alert Count 1
First Seen Wed 25 Feb 2009 06:49:59 AM PST
Last Seen Wed 25 Feb 2009 06:49:59 AM PST
Local ID c4c237bb-825a-48e3-89c9-d9939c7324c1
Line Numbers

Raw Audit Messages

host=seatechproducts.net type=AVC msg=audit(1235573399.840:250): avc: denied { append } for pid=11573 comm="httpd" name="newblueworld.com_error_log" dev=sda3 ino=1745020 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file

host=seatechproducts.net type=SYSCALL msg=audit(1235573399.840:250): arch=40000003 syscall=5 success=no exit=-13 a0=b95626b8 a1=8441 a2=1b6 a3=8441 items=0 ppid=11572 pid=11573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

Hello,

I have been reading this thread and was trying to follow the advice because I am having the same issues.

Now do you mind telling me how I can disable Suexec? Where is System Settings -> Server Templates -> Default Template -> Apache Website? I tried looking for it in Webmin but I never found it. I checked the Virtualmin directory and never found it either.

I hope I get an answer.

Thanks.

You need the Virtualmin Framed Theme. Trying to run Virtualmin without it is just asking for a life of suffering and confusion. While you’re at it, think about whether you can start with a fresh OS install and run our install script instead of trying to set up Virtualmin manually. It’ll save you a lot of time, and these kinds of questions won’t even come up (both the suexec question and the menu item location question).

I found a fix for this in Ubuntu 9.04. Working on another issue, I ran into a dir called suexec, under /etc/apache2. In the suexec folder is a file called www-data. I edited the file to read as…

/home
public_html/cgi-bin
# The first two lines contain the suexec document root and the suexec userdir
# suffix. Both features can be disabled separately by prepending a # character.
# This config file is only used by the apache2-suexec-custom package.

then,

/etc/init.d/apache2 restart

Once started, I checked it again and now it is happy!

  All commands needed to create and restore backups are installed.

… your system is ready for use by Virtualmin.

Updating all Webmin users with new settings…
… done

Updating status collection job …
… done

On Debian lenny it runs OK
as root
#apt-get install apache2-suexec-custom
after install go to
#cd /etc/apache2/suexec
edit the file
#pico www-data
you can see the first 2 lines,
make the changes:
replace
/var/www
with
/home

ctrl+x and say Y to save the changes

after, restart apache
#/etc/init.d/apache2 restart

and TADAAAAA!!!
it works

And for those who speak Spanish (my English is terrible):

On Debian lenny it runs OK
as root
#apt-get install apache2-suexec-custom
after the installation, go to
#cd /etc/apache2/suexec
edit the file
#pico www-data
you can see the first 2 lines,
make the changes:
replace
/var/www
with
/home

ctrl+x and answer S to save the changes

then we restart apache
#/etc/init.d/apache2 restart

and TADAAAAA!!!
it works!
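
The edit described in the posts above changes the first line of /etc/apache2/suexec/www-data, the suexec document root, from /var/www to /home. As an added example (not code from the thread or from the apache2-suexec-custom package), this shell script reads a file in that two-line layout and checks whether a CGI path falls under the configured root. The function names, the sample paths and the temporary files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inspect an apache2-suexec-custom
# style config file and test whether CGI paths fall under its document root.

# Print line $2 of config $1; fail if it is empty or disabled with '#'.
suexec_field() {
    line=$(sed -n "${2}p" "$1")
    case $line in
        ''|'#'*) return 1 ;;
        *) printf '%s\n' "$line" ;;
    esac
}

suexec_docroot() { suexec_field "$1" 1; }   # line 1: document root
suexec_userdir() { suexec_field "$1" 2; }   # line 2: userdir suffix

# Return 0 if path $2 is inside the docroot of config $1, 1 if outside,
# 2 if the docroot line is disabled. String check only: symlinks are not
# resolved, and any ".." component is rejected outright.
path_in_docroot() {
    root=$(suexec_docroot "$1") || return 2
    root=${root%/}
    case $2 in
        */../*|*/..) return 1 ;;
        "$root"/*)   return 0 ;;
        *)           return 1 ;;
    esac
}

# Constructed sample input: a file with /var/www on line 1 and the same
# file after the edit from the thread (/home on line 1).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' /var/www public_html/cgi-bin '# comment' > "$dir/default"
    printf '%s\n' /home public_html/cgi-bin '# comment' > "$dir/edited"
    for conf in default edited; do
        for p in /home/example/public_html/cgi-bin/a.cgi /var/www/cgi-bin/b.cgi; do
            if path_in_docroot "$dir/$conf" "$p"; then r=inside; else r=outside; fi
            echo "$conf docroot=$(suexec_docroot "$dir/$conf") $p: $r"
        done
    done
    rm -rf "$dir"
}
demo
```

After the edit, a script under /var/www is no longer inside the configured root, while everything under /home is.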

On a new CentOS system this did the trick for me…

Try this step (assuming all of the templates and stuff reference $HOME rather than absolute paths containing “/home”)

In Users and Groups / Module Config (in Webmin:System) set the default home directory to /var/www/html

Hope this helps!

I fixed this in the GPL version by installing the package apache2-suexec-custom
It has a config file located in the directory /etc/apache2/suexec
In this file you can configure the necessary paths.
HTH

Seems this error persists even six years later.

Installed CentOS 6.5 x64
Installed Webmin
Installed FreeSwitch
Tried to install Virtualmin through Webmin… fail

Anyway, I’m trying install.sh now. Very disappointed that Virtualmin couldn’t be installed separately from Webmin, and now that I already tried the Virtualmin installation install.sh may fail too. I might have to rewind to another fresh installation of CentOS. :frowning: