Question
Paul Coviello · Jul 8

CSP event log error

Hello, would anyone know where in Linux I need to change permissions on this? 

It is running a full Apache install and not what came with Cache.


$ sudo find / -name "CSP.log" 2>/dev/null

Also, if SELinux is enabled and blocking:
$ sestatus
SELinux status: enabled

Validate. (Example correct path as location above)

$ ls -Z /opt/webgateway/logs/CSP.log

Correction. (Example correct path as location above)

$ sudo semanage fcontext -a -t httpd_log_t /opt/webgateway/logs/CSP.log
$ sudo restorecon -v /opt/webgateway/logs/CSP.log

Hmm, no, I have cspgateway and I'm running RHEL 7.

  find / -name "CSP.log" 2>/dev/null
/opt/cspgateway/bin/CSP.log
/DSA200/cachesys/csp/bin/CSP.log
[root@facstestlinux localusers]# ls -Z /opt/cspgateway
drwxr-xr-x. root   root   unconfined_u:object_r:usr_t:s0   apache
drwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   bin
drwxr-xr-x. root   root   unconfined_u:object_r:usr_t:s0   cache
drwxr-xr-x. root   root   unconfined_u:object_r:usr_t:s0   util

and

[root@facstestlinux localusers]# ls -Z /DSA200/cachesys/csp

drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 bin
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 broker
-rw-rw-r--. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 Default.csp
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 docbook
-rw-rw-r--. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 favicon.ico
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 samples
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 sys
drwxrwxr-x. cacheusr cacheusr unconfined_u:object_r:unlabeled_t:s0 user
 

If httpd is running under user "apache", in group "apache", then you might need to chown:

sudo chown apache:apache /opt/cspgateway/bin/CSP.log

Then the "rwx" on group would allow the write.

Still not working. I tried the whole dir after just doing the log file, and also restarted httpd, and nada...

[root@facstestlinux localusers]#  chown apache:apache /opt/cspgateway/bin/*
[root@facstestlinux localusers]# ls -Z /opt/cspgateway/bin
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   cconnect.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa22.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa22Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa24.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa24Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa2.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPa2Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSP.bak
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPcgi
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPcgiSys
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSP.ini
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSP.log
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPn3.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPn3Sys.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPnsd
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   CSPRT.ini
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   libcrypto.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   libssl.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   libz.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   mod_csp22.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   mod_csp24.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   mod_csp2.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   mod_csp.so
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   nph-CSPcgi
-rwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   nph-CSPcgiSys
drwxrwxrwx. apache apache unconfined_u:object_r:usr_t:s0   temp
 

EDIT: Sorry, didn't notice that Alex Woodhead had already provided this answer ...

If SELinux is enabled, you may need to run the following commands as root:

# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webgateway/logs/CSP.log'
# restorecon -v '/opt/webgateway/logs/CSP.log'

Note that the '#' character represents the root account prompt and is not part of the command.

I didn't realize that SELinux was part of RHEL, and I changed the path to reflect where the log file is.

[root@facstestlinux mgr]# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/cspgateway/bin/CSP.log'
[root@facstestlinux mgr]# restorecon -v '/opt/cspgateway/bin/CSP.log'
restorecon reset /opt/cspgateway/bin/CSP.log context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:httpd_sys_rw_content_t:s0
[root@facstestlinux mgr]#
 

And voila! But I cannot log in! sigh

What error are you getting when you attempt to log in?

Fixed that, and had to run setsebool -P httpd_can_network_connect on

And it works. Thank you for all your help, I learned new things today!!!

thanks

Paul

At some point I encountered a problem that required I also run this command:

setsebool -P httpd_unified 1

I can't remember what it fixed, but I do know by the fact that I made a note of it that it fixed something ... laugh
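
SELinux denials are logged as AVC records in the audit log and apply regardless of owner and mode bits, which is why the chown attempts above changed nothing. The script below is an added example, not code from any poster in this thread: it sorts constructed AVC records into the two fixes the thread ended up using, relabeling the file or enabling an httpd boolean. The sample records, port 1972 and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread: map httpd AVC denials to the two kinds
# of fix used above. The three audit records are constructed samples.
SAMPLE_WRITE='type=AVC msg=audit(1594200000.123:456): avc:  denied  { write } for  pid=2101 comm="httpd" name="CSP.log" dev="dm-0" ino=393301 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file'
SAMPLE_CONNECT='type=AVC msg=audit(1594200300.456:789): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=1972 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket'
SAMPLE_SSHD='type=AVC msg=audit(1594200600.789:790): avc:  denied  { read } for  pid=900 comm="sshd" name="motd" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file'

# Value of one key=value field of a record, surrounding quotes stripped.
avc_field() {  # $1 = record, $2 = key
    printf '%s\n' "$1" | sed -n "s/.* $2=\"\{0,1\}\([^\" ]*\).*/\1/p"
}

# SELinux type (third colon-separated part) of scontext or tcontext.
avc_type() {   # $1 = record, $2 = scontext | tcontext
    avc_field "$1" "$2" | cut -d: -f3
}

# Prints relabel | boolean | other | ignore for one record.
classify_avc() {
    case $1 in *avc:*denied*) ;; *) echo ignore; return ;; esac
    [ "$(avc_type "$1" scontext)" = httpd_t ] || { echo ignore; return; }
    perms=$(printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p')
    case "$(avc_field "$1" tclass):$perms" in
        file:*write*|file:*append*|dir:*write*|dir:*add_name*) echo relabel ;;
        tcp_socket:*name_connect*) echo boolean ;;
        *) echo other ;;
    esac
}

# One-line advice per record, using the commands quoted in the thread.
# <path> stays a placeholder: an AVC record has the file name, not the path.
suggest_fix() {
    case $(classify_avc "$1") in
        relabel) echo "$(avc_field "$1" name) is $(avc_type "$1" tcontext):" \
                      "semanage fcontext -a -t httpd_sys_rw_content_t '<path>'" \
                      "&& restorecon -v '<path>'" ;;
        boolean) echo "connect to port $(avc_field "$1" dest) denied:" \
                      "setsebool -P httpd_can_network_connect on" ;;
        other)   echo "httpd denial not covered here, read the record" ;;
        ignore)  echo "not an httpd denial" ;;
    esac
}

for rec in "$SAMPLE_WRITE" "$SAMPLE_CONNECT" "$SAMPLE_SSHD"; do
    suggest_fix "$rec"
done
```

On a live RHEL host the records to feed it are the `type=AVC` lines in /var/log/audit/audit.log.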