Using SELinux with mod_jk

I was getting the following errors in my logs when trying to run mod_jk under SELinux: 

[Mon Sep 10 12:29:31 2007] [7675:3086563024] [error] init_jk::mod_jk.c (2732): Initializing shm:/var/log/httpd/mod_jk.shm.7675 errno=13. Load balancing workers will not function properly.

This was in /var/log/audit/audit.log: 

type=AVC msg=audit(1189306922.979:7693): avc:  denied  { write } for  pid=15321 comm="httpd" name="mod_jk.shm.15321" dev=dm-0 ino=15925533 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:httpd_log_t:s0 tclass=file

As described here the fix is:

  1. create /var/cache/httpd
  2. Label the directory: 

# setfiles -v -l -d /etc/selinux/targeted/contexts/files/file_contexts /var/cache/httpd
  1. change /etc/httpd/conf.d/mod_jk.conf to point the shm file to /var/cache/httpd/mod_jk.shm

CategorySelinux CategoryLinux

Mod JkSelinux (last edited 2007-09-10 11:43:29 by DavidKeen)