<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Vorformatiert Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.E-MailFormatvorlage17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.HTMLVorformatiertZchn
{mso-style-name:"HTML Vorformatiert Zchn";
mso-style-priority:99;
mso-style-link:"HTML Vorformatiert";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
span.E-MailFormatvorlage20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US" style="color:#1F497D">No, file was created by the httpd process..<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US" style="color:#1F497D">I compared all the files with a CentOS65 httpd-2.2.15-30.el6.centos.x86_64 installation and found no difference<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US" style="color:#1F497D">I have followed Kurianīs advice and changed the context of apachectl to httpd_exec_t. That solved my problem<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US" style="color:#1F497D">Thank you<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US">Looks like the httpd.pid file is mislabled?<br>
<br>
</span>matchpathcon /run/httpd.pid<br>
/run/httpd.pid system_u:object_r:httpd_var_run_t:s0<br>
<br>
<br>
Was this file created without running through a service script?<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 07/09/2014 07:43 AM, Konopka.Andre wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi list,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">I use a self compiled apache-2.2.27 on a CentOS6.5 box</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">I run into trouble with the apachectl command.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">If I try stop apache with ‘apachectl stop’ it complains:</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">(13)Permission denied: Error retrieving pid file run/httpd.pid</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Remove it before continuing if it is corrupted.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Audit logs shows the problem:</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">type=AVC msg=audit(1404897126.819:7069): avc: denied { read } for pid=23031 comm="httpd" name="httpd.pid" dev=dm-0 ino=529958 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">type=SYSCALL msg=audit(1404897126.819:7069): arch=c000003e syscall=2 success=no exit=-13 a0=7ff99e37eff0 a1=80000 a2=1b6 a3=1 items=0 ppid=23029 pid=23031 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts0 ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">BTW Stopping apache with ‘httpd –k stop’ works fine.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">[root@centos1 conf]# ls -lZ /usr/sbin/apachectl
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">-rwxr-xr-x. root root system_u:object_r:initrc_exec_t:s0 /usr/sbin/apachectl</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">[root@centos1 conf]#</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">[root@centos1 conf]# ls -lZ /usr/sbin/httpd</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">-rwxr-xr-x. root root system_u:object_r:httpd_exec_t:s0 /usr/sbin/httpd</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">[root@centos1 conf]#</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">[root@centos1 audit]# ps -efZ | grep -i apachectl</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">unconfined_u:system_r:initrc_t:s0 root 23066 2412 0 11:20 pts/0 00:00:00 /bin/sh /usr/sbin/apachectl</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">[root@centos1 audit]# ls -lZ httpd.pid</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">-rw-r--r--. root root unconfined_u:object_r:var_run_t:s0 httpd.pid</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">How can I fix it?</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:DE"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>--<o:p></o:p></pre>
<pre>selinux mailing list<o:p></o:p></pre>
<pre><a href="mailto:selinux@lists.fedoraproject.org">selinux@lists.fedoraproject.org</a><o:p></o:p></pre>
<pre><a href="https://admin.fedoraproject.org/mailman/listinfo/selinux">https://admin.fedoraproject.org/mailman/listinfo/selinux</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:DE"><o:p> </o:p></span></p>
</div>
</body>
</html>