刚刚采用Puppet部署了dokuwiki,不过配置完成后报错:
DokuWiki Setup Error
The datadir ('pages') at /pages is not found, isn't accessible or writable. You should check your config and permission settings. Or maybe you want to run the installer?尝试关闭了SELinux,之后就正常。可是在测试环境中就没这个问题。系统环境基本一致。
于是查看了下audit.log:
tail -f /var/log/audit/audit.log | grep -i httpd
type=AVC msg=audit(1377479847.165:): avc: denied { search } for pid= comm="httpd" name="/" dev=dm- ino= scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1377479847.165:): arch= syscall= success=no exit=- a0=1ebef68 a1= a2=1323e18 a3=f items= ppid= pid= auid= uid= gid= euid= suid= fsuid= egid= sgid= fsgid= tty=(none) ses= comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1377479847.166:): avc: denied { search } for pid= comm="httpd" name="/" dev=dm- ino= scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1377479847.166:): arch= syscall= success=no exit=- a0=1ec5a58 a1= a2=1323e18 a3=f items= ppid= pid= auid= uid= gid= euid= suid= fsuid= egid= sgid= fsgid= tty=(none) ses= comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1377479847.166:): avc: denied { search } for pid= comm="httpd" name="/" dev=dm- ino= scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1377479847.166:): arch= syscall= success=no exit=- a0=1eafc54 a1= a2=1323e18 a3=f items= ppid= pid= auid= uid= gid= euid= suid= fsuid= egid= sgid= fsgid= tty=(none) ses= comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1377479847.166:): avc: denied { search } for pid= comm="httpd" name="/" dev=dm- ino= scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1377479847.166:): arch= syscall= success=no exit=- a0=1eafcb8 a1= a2=1323e18 a3=f items= ppid= pid= auid= uid= gid= euid= suid= fsuid= egid= sgid= fsgid= tty=(none) ses= comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1377479847.166:): avc: denied { search } for pid= comm="httpd" name="/" dev=dm- ino= scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1377479847.166:): arch= syscall= success=no exit=- a0=1eb04e8 a1= a2=1323e18 a3=f items= ppid= pid= auid= uid= gid= euid= suid= fsuid= egid= sgid= fsgid= tty=(none) ses= comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1377479847.166:): avc: denied { search } for pid= comm="httpd" name="/" dev=dm- ino= scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1377479847.166:): arch= syscall= success=no exit=- a0=1eb0624 a1= a2=1323e18 a3=f items= ppid= pid= auid= uid= gid= euid= suid= fsuid= egid= sgid= fsgid= tty=(none) ses= comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)HOHO,第一次处理SELinux的故障,看到其中的name、dev以及scontext和tcontext,于是在“/”下找找:
[root@localhost /]# ll -Z /
drwxr-xr-x. apache apache system_u:object_r:file_t:s0 wiki
后来发现是因为将wiki的目录建在了“/”下面,并重新挂载了一个分区,重新赋予权限就好了
[root@localhost /]# chcon -t httpd_t /wiki
对SELinux的了解还是太浅,呵呵。