Pages

Unixbhaskar's Blog

Loading...

Wednesday, September 3, 2014

How to fix Nginx problem with SELinux

I was getting the below error while try to start nginx on the same box as httpd running...but it has got nothing to do with httpd ..
19:35:30_Mon Sep 01:/etc/nginx> sudo systemctl status nginx.service
nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled)
Active: failed (Result: exit-code) since Mon 2014-09-01 19:33:13 IST; 2min 28s ago
Process: 8238 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)

Sep 01 19:33:13 LAP-02-1755 nginx[8238]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Sep 01 19:33:13 LAP-02-1755 nginx[8238]: nginx: [emerg] bind() to 127.0.0.1:100 failed (13: Permission denied)
Sep 01 19:33:13 LAP-02-1755 nginx[8238]: nginx: configuration file /etc/nginx/nginx.conf test failed
Sep 01 19:33:13 LAP-02-1755 systemd[1]: nginx.service: control process exited, code=exited status=1
Sep 01 19:33:13 LAP-02-1755 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Sep 01 19:33:13 LAP-02-1755 systemd[1]: Unit nginx.service entered failed state.


Then, I cross checked the file permissions :


19:37:38_Mon Sep 01:/etc/nginx> sudo /usr/bin/namei -m /etc/nginx/nginx.conf
f: /etc/nginx/nginx.conf
drwxr-xr-x /
drwxr-xr-x etc
drwxr-xr-x nginx
-rw-r--r-- nginx.conf
Looks alright to me!! but why it is not coming? SELINUX?? yes...
19:41:51_Mon Sep 01:/etc/nginx> ls -Z /etc/httpd/conf/httpd.conf
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 /etc/httpd/conf/httpd.conf
19:42:10_Mon Sep 01:/etc/nginx> ls -Z /etc/nginx/nginx.conf
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 /etc/nginx/nginx.conf


Looks similar!! Now every time I tried to start nginx ...it throws AVC deniel error..once opened that..I got the solution too...:)

19:44:49_Mon Sep 01:/etc/nginx> sudo su -
Last login: Mon Sep 1 18:31:19 IST 2014 on pts/1
19:44:58_Mon Sep 01:~ # grep nginx /var/log/audit/audit.log | audit2allow -M nginxpol
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i nginxpol.pp

19:45:12_Mon Sep 01:~ # semodule -i nginxpol.pp

Now restart the nginx daemon..and voila!!

19:45:48_Mon Sep 01:/etc/nginx> sudo systemctl restart nginx.service
19:45:52_Mon Sep 01:/etc/nginx> sudo systemctl status nginx.service
nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled)
Active: active (running) since Mon 2014-09-01 19:45:52 IST; 7s ago
Process: 8538 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 8535 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Main PID: 8541 (nginx)
CGroup: /system.slice/nginx.service
├─8541 nginx: master process /usr/sbin/nginx
└─8542 nginx: worker process

Sep 01 19:45:52 LAP-02-1755 nginx[8535]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Sep 01 19:45:52 LAP-02-1755 nginx[8535]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Sep 01 19:45:52 LAP-02-1755 systemd[1]: Started The nginx HTTP and reverse proxy server.



Cool!! hope this will help.
Bhaskar

Posted by at No comments:

Thursday, February 20, 2014

How to fix "Read-only" root file system


This happened on Ubuntu 13.10.

Okay, I recently encounter it in one of my OS's installed in my laptop...there are many of them ..this is on Ubuntu...

After booting( I am accessing this partition after month or two!) it works fine for few minutes then all of a sudden it went back to Read-Only mode and that too root fs...irk...real irk...:(

So, I was doing an update to that OS after a while as I said..and it bug me twice..so started to hunt down that problem.I started to look around different aspect of fs and finally look at fstab..and it was little different then I thought.

The root fs was has the parameter of "on-error=errors=remount-ro" and which is missing the "defaults" option. Okay, what's the big deal with that "defaults" option..very big deal indeed.Please check out the mount man page to find out more about that option.

From the man pages of mount:

defaults
Use default options: rw, suid, dev, exec, auto, nouser, and async.

Now , I hope you understand why :)


But why the hell it was missing from the option in fstab file ...I was wondering..probably last update?or something else?Because I haven't had change anything in that file IIRC...or ...let me know if you believe and prof of something else doing that ..

Mind you, I have done two round of fsck after being hit by that to bring down that os and do it from other os partition.And the fsck fixed up few more thing..but still it was happening...so adding that options is simple and worked for me.

Hope this will help.

Cheers!
Bhaskar
Posted by at 3 comments:
Subscribe to: Posts (Atom)