This post originated from an RSS feed registered with Java Buzz by Weiqi Gao. Original Post: Trouble With SELinux On "Production" Server Feed Title: Weiqi Gao's Weblog Feed URL: http://www.weiqigao.com/blog/rss.xml Feed Description: Sharing My Experience... Latest Java Buzz Posts Latest Java Buzz Posts by Weiqi Gao Latest Posts From Weiqi Gao's Weblog

Remember the problem I had with Fedora Core 3, SELinux and Subversion 40 daysago?

Well, I get to deal with it on my "production" server (also Julie's workstation) today, after a reboot. As a result, this weblog was off line for 45 minutes:

CFO: The machine is sluggish lately.

Me: (Lazy) I'll just reboot it. Beats firing up top and kill the stray processes one by one.

Me: (Reboot.) It's fixed now.

CFO: Thank you.

Me: (Five minutes later, saying to myself) What? An internal error on my weblog?

Is Apache running? Yes.

Is Tomcat running? Yes.

Is Pebble running? Yes.

Check the logs. Apache log looks OK. Tomcat log looks OK. Pebble log looks OK.

Check the system log:

Jul 21 17:47:55 gao-2002 kernel: audit(1121986075.661:2): avc:  denied  { connec
t } for  pid=3767 comm="httpd" scontext=user_u:system_r:httpd_t tcontext=user_u:
system_r:httpd_t tclass=tcp_socket

Me: I know it! I know it! I know it! It's, uh, uh, uh, ..., SELinux!

Me: It musted be the updated policy. It won't allow Apache to connect to Tomcat anymore.

Check the mod_jk log:

[Thu Jul 21 17:47:55 2005] [error] ajp_service::jk_ajp_common.c (1673): Error co
nnecting to tomcat. Tomcat is probably not started or is listening on the wrong
port. worker=ajp13 failed errno = 13

Me: I dealt with the same problem on my workstation before.

Me: But that's before the China trip. What did I do to solve the problem?

Me: Oh wait, I blogged about it.

Me: Oh wait, my blog is hosed at the moment!

Me: (Thinking hard—long vacation tends to erase unpleasant memories) ...

Try Google: "disable selinux fedora core 3"

Wow, 34,400 results!

Me: Now I remembered. You just do this: