Hello, I'm trying to setup an OpenCA on a SELinux system (Hardened Gentoo) but I'm currently copping with a problem.
- When SELinux is disabled (selinux=0 at boot time) OpenCA always starts and
works correctly.
- When the system is in permissive mode (i.e. no action is denied), I cannot
start OpenCA with the "run_init" command.
- When the system is in permissive mode, I can start OpenCA without
the "run_init" command.
- When the system is in enforcing mode, I cannot start OpenCA since my policy
is not yet ready (but this not the purpose of my mail).
The description of the problem is : "when I start OpenCA with the run_init
command, the OpenCA daemon (not the XML cache daemon) is killed by a SIGHUP.
I attached the strace output (it is quite short, 30 lines), but the most
important lines are :
write(2, "Process Backgrounded\n", 21) = 21
[...]
open("/usr/lib/perl5/vendor_perl/5.8.8/Net/Server/Proto/UNIX.pm", O_RDONLY|
O_LARGEFILE) = 11
read(11, "# -*- perl -*-\n#\n# Net::Server:"..., 4096) = 4096
read(11, "ent->NS_unix_type( $sock->NS_uni"..., 4096) = 2589
--- SIGHUP (Hangup) @ 0 (0) ---
I do not know where this signal come from. I straced the shell from which I
started the daemon, but I found no reference to "kill" function.
And if I start the daemon without the "run_init" command, the daemon doesn't
receive any signal.
Does anyone have a clue ?
Thanks.
--
Nicolas MASSÉ
Pour récupérer ma clef GPG:
gpg --keyserver wwwkeys.eu.pgp.net --recv-keys 0x2A18C433
Key fingerprint: 6621 FC23 5DC7 54BA B952 316A 50B1 BC3F 2A18 C433
getpid() = 8241
getpid() = 8241
rt_sigprocmask(SIG_BLOCK, [INT], [INT RTMIN], 8) = 0
rt_sigaction(SIGINT, {SIG_DFL}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [INT RTMIN], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [INT], NULL, 8) = 0
write(2, "Process Backgrounded\n", 21) = 21
stat64("/var/run/openca/openca_socket.pid", 0x80119300) = -1 ENOENT (No such file or directory)
open("/var/run/openca/openca_socket.pid", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 11
ioctl(11, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbff43c24) = -1 ENOTTY (Inappropriate ioctl for device)
_llseek(11, 0, [0], SEEK_CUR) = 0
fstat64(11, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
fcntl64(11, F_SETFD, FD_CLOEXEC) = 0
write(11, "8241\n", 5) = 5
close(11) = 0
stat64("/var/run/openca/openca_socket.pid", {st_mode=S_IFREG|0644, st_size=5, ...}) = 0
time([1155655876]) = 1155655876
write(2, "2006/08/15-17:31:16 OpenCA::Serv"..., 80) = 80
stat64("/etc/perl/Net/Server/Proto/UNIX.pmc", 0xbff43f40) = -1 ENOENT (No such file or directory)
stat64("/etc/perl/Net/Server/Proto/UNIX.pm", 0xbff43e40) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/vendor_perl/5.8.8/i386-linux/Net/Server/Proto/UNIX.pmc", 0xbff43f40) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/vendor_perl/5.8.8/i386-linux/Net/Server/Proto/UNIX.pm", 0xbff43e40) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/vendor_perl/5.8.8/Net/Server/Proto/UNIX.pmc", 0xbff43f40) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/vendor_perl/5.8.8/Net/Server/Proto/UNIX.pm", {st_mode=S_IFREG|0444, st_size=6685, ...}) = 0
open("/usr/lib/perl5/vendor_perl/5.8.8/Net/Server/Proto/UNIX.pm", O_RDONLY|O_LARGEFILE) = 11
ioctl(11, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbff43b94) = -1 ENOTTY (Inappropriate ioctl for device)
_llseek(11, 0, [0], SEEK_CUR) = 0
read(11, "# -*- perl -*-\n#\n# Net::Server:"..., 4096) = 4096
read(11, "ent->NS_unix_type( $sock->NS_uni"..., 4096) = 2589
--- SIGHUP (Hangup) @ 0 (0) ---
pgpqIc61YJp8H.pgp
Description: PGP signature
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ OpenCA-Devel mailing list OpenCA-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-devel
