
SELinux policies block applications even after I explicitly allow them.

asked 2014-11-23 18:31:48 -0500

terrycloth

updated 2014-11-23 20:49:17 -0500

mether

I'm using Fedora 20 (x64) with selinux-policy v3.12.1 / libselinux v2.2.1.

I'm trying to contribute to the source code of a web application I like. This involves running CouchDB and a Node server on my local system, so I can test my changes before pushing commits.

So to start out, I run sudo service couchdb start

Which returns:

Redirecting to /bin/systemctl start  couchdb.service
Job for couchdb.service failed. See 'systemctl status couchdb.service' and 'journalctl -xn' for details.

Okay, so I try systemctl status couchdb.service

couchdb.service - CouchDB Server
   Loaded: loaded (/usr/lib/systemd/system/couchdb.service; disabled)
   Active: failed (Result: start-limit) since Sun 2014-11-23 16:09:19 PST; 2min 51s ago
  Process: 6968 ExecStart=/usr/libexec/couchdb +Bd -noinput -sasl errlog_type error +K true +A 4 -couch_ini /etc/couchdb/default.ini /etc/couchdb/default.d/ /etc/couchdb/local.d/ /etc/couchdb/local.ini -s couch -pidfile /var/run/couchdb/couchdb.pid (code=exited, status=1/FAILURE)
 Main PID: 6968 (code=exited, status=1/FAILURE)

Nov 23 16:09:19 sanfrancisco systemd[1]: Failed to start CouchDB Server.
Nov 23 16:09:19 sanfrancisco systemd[1]: Unit couchdb.service entered failed state.
Nov 23 16:09:19 sanfrancisco systemd[1]: couchdb.service holdoff time over, scheduling restart.
Nov 23 16:09:19 sanfrancisco systemd[1]: Stopping CouchDB Server...
Nov 23 16:09:19 sanfrancisco systemd[1]: Starting CouchDB Server...
Nov 23 16:09:19 sanfrancisco systemd[1]: couchdb.service start request repeated too quickly, refusing to start.
Nov 23 16:09:19 sanfrancisco systemd[1]: Failed to start CouchDB Server.
Nov 23 16:09:19 sanfrancisco systemd[1]: Unit couchdb.service entered failed state.

and journalctl -xn

-- Logs begin at Sun 2014-02-09 17:35:58 PST, end at Sun 2014-11-23 16:12:45 PST. --
Nov 23 16:09:19 sanfrancisco setroubleshoot[3159]: AuditRecordReceiver.add_record_to_cache(): node=sanfrancisco type=SYSCALL msg=audit(14167
Nov 23 16:09:19 sanfrancisco setroubleshoot[3159]: AuditRecordReceiver.add_record_to_cache(): node=sanfrancisco type=EOE msg=audit(141678436
Nov 23 16:09:44 sanfrancisco fprintd[6923]: ** Message: No devices in use, exit
Nov 23 16:10:26 sanfrancisco systemd[1]: Job dev-disk-by\x2dlabel-El\x5cx20Cajon.device/start timed out.
Nov 23 16:10:26 sanfrancisco systemd[1]: Timed out waiting for device dev-disk-by\x2dlabel-El\x5cx20Cajon.device.
-- Subject: Unit dev-disk-by\x2dlabel-El\x5cx20Cajon.device has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit dev-disk-by\x2dlabel-El\x5cx20Cajon.device has failed.
-- 
-- The result is timeout.
Nov 23 16:10:26 sanfrancisco systemd[1]: Dependency failed for /run/media/niccolo/El Cajon.
-- Subject: Unit run-media-niccolo-El\x20Cajon.mount has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit run-media-niccolo-El\x20Cajon.mount has failed.
-- 
-- The result is dependency.
Nov 23 16:10:45 sanfrancisco NetworkManager[859]: <warn> nl_recvmsgs() error: (-33) Dump inconsistency detected, interrupted
Nov 23 16:12:45 sanfrancisco NetworkManager[859]: <warn> nl_recvmsgs() error: (-33) Dump inconsistency detected, interrupted

...I, uh, don't really know what any of that means ... (more)


Comments

Please don't add # in front of tags. I have removed them.

mether ( 2014-11-23 20:49:34 -0500 )

1 Answer


answered 2015-01-27 04:47:49 -0500

Hi there,

This can happen if you run couchdb as root, since this causes files in /var/run/couchdb/, /var/log/couchdb/ and /var/lib/couchdb/ to be created owned by root.

When systemctl runs couchdb, it runs as the couchdb user, which cannot modify the pid, create any logs or read/write the database.

To fix this I corrected the file permissions using the following commands:

chown -R couchdb:couchdb /var/run/couchdb/
chown -R couchdb:couchdb /var/log/couchdb/
chown -R couchdb:couchdb /var/lib/couchdb/

This works for Fedora and CentOS 7.

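A read-only check for the ownership problem described in the answer above, as an added example that is not part of the original answer: it lists every path under the service directories that is not owned by the expected user and group, so the cause can be confirmed before (and verified after) a recursive chown. The function names `list_misowned` and `audit_service_dirs` are hypothetical; the user, group and directories in the usage comment are the ones the answer names.

```shell
#!/bin/sh
# Added example: audit ownership of a service's runtime directories.

# list_misowned USER GROUP DIR...
# Prints every path under the given directories whose owner is not USER
# or whose group is not GROUP. USER and GROUP may be names or numeric ids.
# Directories that do not exist are reported on stderr and skipped.
list_misowned() {
    want_user=$1
    want_group=$2
    shift 2
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "skip: $dir does not exist" >&2
            continue
        fi
        find "$dir" \( ! -user "$want_user" -o ! -group "$want_group" \) -print
    done
}

# audit_service_dirs USER GROUP DIR...
# Returns 0 when everything is owned as expected; otherwise prints the
# offending paths and returns 1.
audit_service_dirs() {
    bad=$(list_misowned "$@")
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Usage on the system from the answer (run as root so every path is readable):
#   audit_service_dirs couchdb couchdb \
#       /var/run/couchdb /var/log/couchdb /var/lib/couchdb
```

An empty result with exit status 0 means the couchdb user owns everything in those directories, so a remaining start failure has some other cause than file ownership.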


Stats

Asked: 2014-11-23 18:31:48 -0500

Seen: 565 times

Last updated: Jan 27 '15