SELinux preventing httpd from accessing SSL certificates
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
puppet-openstack-cloud | Won't Fix | Undecided | Unassigned |
Bug Description
Hi,
When using SELinux and an SSL configuration on httpd (forwarded by HAProxy), the service doesn't start because of SELinux:
From /var/log/
[Wed Apr 15 15:54:19.059615 2015] [core:notice] [pid 29382] SELinux policy enabled; httpd running as context system_
[Wed Apr 15 15:54:19.061049 2015] [ssl:emerg] [pid 29382] (13)Permission denied: AH02201: Init: Can't open server certificate file /etc/ssl/
[Wed Apr 15 15:54:19.061068 2015] [ssl:emerg] [pid 29382] AH02312: Fatal error initialising mod_ssl, exiting.
From /var/log/
type=AVC msg=audit(
me_t:s0 tclass=file
type=AVC msg=audit(
The SSL certificates are located in /etc/ssl/certs/
# ls -hl /etc/ssl/
-rw-r--r--. 1 root root 1,2K 10 avril 19:51 /etc/ssl/
-rw-r--r--. 1 root root 1,1K 13 avril 09:19 /etc/ssl/
-rw-r--r--. 1 root root 1,7K 10 avril 19:51 /etc/ssl/
-rw-r--r--. 1 root root 2,7K 13 avril 10:18 /etc/ssl/
Parameters in the YAML env file:
horizon_
horizon_
horizon_ssl: true
horizon_
horizon_cert: /etc/ssl/
horizon_key: /etc/ssl/
horizon_ca: /etc/ssl/
When disabling SELinux, httpd can start normally.
Thanks for the report.
I think this is not a bug in puppet-openstack-cloud, but rather a new boolean you could add in the SELinux configuration (you can use Puppet for that, look at the environment file) or probably a bug in the SELinux Red Hat package.
There is nothing we can do in puppet-openstack-cloud to fix it so I have to close this bug.
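
Working out which SELinux configuration a denial like the one reported above involves starts with the AVC records: they name the source domain, the target file's type and the refused permission. The Python sketch below is an added example, not part of the bug report or of puppet-openstack-cloud; its sample records, paths and types are constructed, since the audit lines in the report are truncated.

```python
import re

# Constructed sample records in audit.log AVC format. Paths, inode numbers and
# target types are made up for illustration and are not taken from the report.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1429106059.060:901): avc:  denied  { open } for  pid=29382 comm="httpd" path="/etc/ssl/certs/example.crt" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1429106059.061:902): avc:  denied  { read } for  pid=29382 comm="httpd" name="example.key" dev="dm-0" ino=1312 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1429106060.100:903): avc:  denied  { name_connect } for  pid=29390 comm="httpd" dest=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1429106060.100:903): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
'''

AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?'
    r'scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)')
TARGET_RE = re.compile(r'\b(?:path|name)="([^"]*)"')

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(':')[2]

def parse_denials(log_text):
    """Extract permission, source/target type, class and target from AVC denials."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other non-AVC records carry no contexts to compare
        target = TARGET_RE.search(line)
        denials.append({
            'perms': m.group('perms').split(),
            'source_type': selinux_type(m.group('scontext')),
            'target_type': selinux_type(m.group('tcontext')),
            'tclass': m.group('tclass'),
            'target': target.group(1) if target else None,
        })
    return denials

def file_denials_for(denials, domain='httpd_t'):
    """Denials where `domain` was refused a regular file, i.e. a file-label question."""
    return [d for d in denials if d['source_type'] == domain and d['tclass'] == 'file']

if __name__ == '__main__':
    for d in file_denials_for(parse_denials(SAMPLE_AUDIT_LOG)):
        print(d['target'], 'is labeled', d['target_type'], '- denied:', ' '.join(d['perms']))
```

On a live host, `ausearch -m avc -c httpd` supplies the records and `ls -Z` shows the label a certificate file currently carries.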