cancel
Showing results for 
Search instead for 
Did you mean: 

Can anyone test Magento 2 on CentOS with SElinux enabled?

SOLVED

Can anyone test Magento 2 on CentOS with SElinux enabled?

Hello.
Can anyone test installing Magento on CentOS 7.X with SELinux enabled? I copied Magento installation files under "/var/www/html" but when I browse server IP then I can't see installation wizard.

Thank you.
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Can anyone test Magento 2 on CentOS with SElinux enabled?

I did:

$ chcon -R -t httpd_sys_rw_content_t var/ pub/ generated/

And problem solved.

View solution in original post

4 REPLIES 4

Re: Can anyone test Magento 2 on CentOS with SElinux enabled?

First "Disable" the SELinux temporary and see whether you can access the installation.

 

#setenforece 0

 

If you can proceed with the installation without any issues when SELinux is disabled.

 

Enable SELinux again,

 

#setenforce 1

 

Then refer to,

 

/var/log/audit/audit.log or /var/log/audit

 

to find out what is causing the issue.

 

You can use,

 

#audit2allow

 

to generates SELinux policy-allow rules. Please refer to my website SELinuxForum.com for more information.

 

Re: Can anyone test Magento 2 on CentOS with SElinux enabled?

When I disabled SELinux then it is OK.

Log tell me:

# cat /var/log/audit/audit.log 
type=MAC_STATUS msg=audit(1559021267.527:170): enforcing=1 old_enforcing=0 auid=1000 ses=2
type=SYSCALL msg=audit(1559021267.527:170): arch=c000003e syscall=1 success=yes exit=1 a0=3 a1=7fff32f909c0 a2=1 a3=7fff32f90420 items=0 ppid=3755 pid=3850 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="setenforce" exe="/usr/sbin/setenforce" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=PROCTITLE msg=audit(1559021267.527:170): proctitle=736574656E666F7263650031
type=USER_AVC msg=audit(1559021267.527:171): pid=2918 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  received setenforce notice (enforcing=1)  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1559021274.515:172): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received setenforce notice (enforcing=1)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=SERVICE_STOP msg=audit(1559021275.548:173): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1559021275.658:174): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1559021283.808:175): avc:  denied  { write } for  pid=3863 comm="httpd" name="page_cache" dev="dm-0" ino=205975324 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1559021283.808:175): arch=c000003e syscall=21 success=no exit=-13 a0=7fcb925e3b40 a1=2 a2=0 a3=7777772f7261762f items=0 ppid=3861 pid=3863 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1559021283.808:175): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44

How can I solve it?

Re: Can anyone test Magento 2 on CentOS with SElinux enabled?

I did:

$ chcon -R -t httpd_sys_rw_content_t var/ pub/ generated/

And problem solved.

Re: Can anyone test Magento 2 on CentOS with SElinux enabled?

Thank you thank you thank you! The Magento install guide was missing the generated directory: https://devdocs.magento.com/guides/v2.3/install-gde/prereq/file-system-perms.html

 


@jason_long wrote:

I did:

$ chcon -R -t httpd_sys_rw_content_t var/ pub/ generated/

And problem solved.