centos 5 or same linux kernel coldfusion 설치 에러시 Coldfusion

There's been a lot of talk about how to run ColdFusion MX 7 on Ubuntu Linux, but I haven't seen much about running CFMX on Fedora Core 6 Linux. While both are officially unsupported for use with ColdFusion by Adobe, as a hobbyist you might enjoy working with these or other distributions, as I do. Ubuntu is based on source from Debian Linux, while Fedora Core is based on Red Hat source, and in fact Fedora distros are effectively public betas used towards the development of future Red Hat Enterprise Linux releases. According to DistroWatch, Ubuntu is by far the most popular distro out there, for now, while Fedora pulls in at #3.


The problems regarding the installation and configuration of ColdFusion on each distribution are both overlapping and yet distinct, especially where Security Enhanced Linux (SELinux) is involved (Fedora). FC6 intends to make SELinux security policy administration easier via a graphical troubleshooting tool. (While I was able to install and use setroubleshoot, I was not able to get the sealert client GUI to work, but it does have commandline operations that were helpful... somewhat. See below.)


Here I identify and address 5 problems in order to run ColdFusion on FC6, leaving one problem with SELinux unresolved but with a workaround. Some of these problems and their solutions have been blogged about before, but I found new twists to them in FC6.


I decided to address the issues of Fedora Core because Red Hat Enterprise Linux 5 is currently in Beta 2 and is largely based on Fedora, and I hope to be ahead of the curve by the time RHEL5 is released. Since ColdFusion 4.01 in 1998, ColdFusion releases have supported current Red Hat releases.


To begin, here's the distribution and kernel information that I used:


 


[root@FC6DELL installers]# uname -a
Linux FC6DELL 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:54:20 EDT 2006 i686 i686 i386 GNU/Linux
[root@FC6DELL installers]# cat /etc/redhat-release
Fedora Core release 6 (Zod)

Problem 1: Error while loading shared libraries: libc.so.6:


The first problem encountered when attempting to install ColdFusion (on this unsupported distribution), was one I've heard a lot about. The error indicates that libc.so.6 cannot be found, and when the package list is queried the missing file is confirmed to be present.


 


[root@FC6DELL installers]# ls -l
total 287228
-rwxr-xr-x 1 root root 293820234 Nov 6 13:08 coldfusion-macr-linux.bin
[root@FC6DELL installers]# ./coldfusion-macr-linux.bin
Preparing to install...
Extracting the JRE from the installer archive...
Unpacking the JRE...
Extracting the installation resources from the installer archive...
Configuring the installer for this system's environment...
awk: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
dirname: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/bin/ls: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory
basename: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
dirname: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
basename: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory

Launching installer...

grep: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/tmp/install.dir.3348/Linux/resource/jre/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory

Here I confirm that the 'missing' file is in fact installed:


 


[root@FC6DELL installers]# rpm -q --whatprovides libc.so.6
glibc-2.5-3
[root@FC6DELL installers]# rpm -q glibc
glibc-2.5-3

Using a hack first mentioned in July among the comments to one of my blog entries, and later in the comments on Dave Shuck's blog, I was able to install ColdFusion MX 7.02 on FC6.


First, rename the coldfusion bin file:


 


[root@FC6DELL installers]# ls -l
total 287228
-rwxr-xr-x 1 root root 293820234 Nov 6 13:08 coldfusion-macr-linux.bin
[root@FC6DELL installers]# mv coldfusion-macr-linux.bin coldfusion-macr-linux.bin.bak
[root@FC6DELL installers]# ls -l
total 287228
-rwxr-xr-x 1 root root 293820234 Nov 6 13:08 coldfusion-macr-linux.bin.bak

Then run a string replace operation on the binary, which comments out the offending line and generates a new binary with the change:


 


[root@FC6DELL installers]# cat coldfusion-macr-linux.bin.bak | sed "s/export LD_ASSUME/#xport LD_ASSUME/" > coldfusion-macr-linux.bin
[root@FC6DELL installers]# ls -l
total 574456
-rw-r--r-- 1 root root 293820234 Dec 3 12:23 coldfusion-macr-linux.bin
-rwxr-xr-x 1 root root 293820234 Nov 6 13:08 coldfusion-macr-linux.bin.bak

Then remove the .bak file copy to avoid confusion:


 


[root@FC6DELL installers]# rm coldfusion-macr-linux.bin.bak
rm: remove regular file `coldfusion-macr-linux.bin.bak'? y
[root@FC6DELL installers]# chmod u+x coldfusion-macr-linux.bin
[root@FC6DELL installers]# ls -l
total 287228
-rwxr--r-- 1 root root 293820234 Dec 3 12:23 coldfusion-macr-linux.bin

And now try running the binary again, making sure to not configure Apache during installation (and use the built-in webserver for now):


 


[root@FC6DELL installers]# ./coldfusion-macr-linux.bin
Preparing to install...
Extracting the JRE from the installer archive...
Unpacking the JRE...
Extracting the installation resources from the installer archive...
Configuring the installer for this system's environment...
awk: cmd. line:6: warning: escape sequence `.' treated as plain `.'

Launching installer...

Preparing CONSOLE Mode Installation...

...

You have successfully completed the first step in installing Macromedia
ColdFusion MX 7.

To continue with your installation, go to /opt/coldfusionmx7/bin and type
"./coldfusion start" to start your server.

Once the server is started log in to the Configuration Wizard at
http://[machinename]:8500/CFIDE/administrator/index.cfm

PRESS TO EXIT THE INSTALLER:
[root@FC6DELL installers]#

Success! ColdFusion server is now installed.


As mentioned in the comments on Dave Shuck's blog, change some basic ColdFusion scripts which may also have a similar problem. Although I found that the change I made to the original binary propagated to the resultant config scripts, so no additional change was needed:


 


[root@FC6DELL installers]# cd /opt/coldfusionmx7/bin
[root@FC6DELL bin]# cat coldfusion | grep LD_ASSUME_KERNEL
LD_ASSUME_KERNEL=2.2.9
#xport LD_ASSUME_KERNEL
[root@FC6DELL bin]# cat cfstat | grep LD_ASSUME_KERNEL
LD_ASSUME_KERNEL=2.2.9
#xport LD_ASSUME_KERNEL
[root@FC6DELL bin]# cat cfinfo | grep LD_ASSUME_KERNEL

Except for the uninstall script which would need the sed string replace hack if you decide to run the uninstall script:


 


[root@FC6DELL bin]# cat ../uninstall/uninstall | grep LD_ASSUME_KERNEL
linux_LD_ASSUME_KERNEL_hack=0;
linux_LD_ASSUME_KERNEL_hack=1
# LD_ASSUME_KERNEL for Native POSIX Threading Library on some Linux distros
export LD_ASSUME_KERNEL=2.2.5
# unset the LD_ASSUME_KERNEL in cause we don't need it
unset LD_ASSUME_KERNEL
# check our rules for setting LD_ASSUME_KERNEL
linux_LD_ASSUME_KERNEL_hack=1
if [ $linux_LD_ASSUME_KERNEL_hack -eq 1 ]; then
LD_ASSUME_KERNEL=2.2.5
export LD_ASSUME_KERNEL
[root@FC6DELL bin]#

Great, ColdFusion is installed, now to start it:


 


[root@FC6DELL bin]# ./coldfusion start
Starting ColdFusion MX 7...
The ColdFusion MX 7 server is starting up and will be available shortly.
======================================================================
ColdFusion MX 7 has been started.
ColdFusion MX 7 will write logs to /opt/coldfusionmx7/logs/cfserver.log
======================================================================

[root@FC6DELL bin]# ps -ef | grep cold
nobody 31404 1 0 13:22 ? 00:00:00 /opt/coldfusionmx7/verity/k2/_ilnx21/bin/k2admin
nobody 5889 1 0 13:46 ? 00:00:00 /opt/coldfusionmx7/runtime/bin/cfmx7 -jar jrun.jar -autorestart -start coldfusion
nobody 5890 5889 48 13:46 ? 00:00:18 /opt/coldfusionmx7/runtime/bin/cfmx7 -jar jrun.jar -start coldfusion
root 5979 2772 0 13:46 pts/1 00:00:00 grep cold
[root@FC6DELL bin]#

Everything seems in place. ColdFusion is running and listening on port 8500 for web requests.


Problem 2: Graphing Service Not Available


Open the ColdFusion Administrator to complete the second half of the installation process, the Setup Wizard. When browsing the CF Admin for the first time, I was greeted with a familiar problem:


The Graphing Service is not available


and in the cfserver.log I found:


 


12/05 16:20:03 Error [main] - Unable to initialize Graphing service: java.lang.UnsatisfiedLinkError: /opt/coldfusionmx7/runtime/jre/lib/i386/libawt.so: libXp.so.6: cannot open shared object file: No such file or
directory

I attempted the fix reported earlier on my blog for this, which is to install the xorg-x11-deprecated-libs package, but that did not work on FC6 this time. I found that the libXp package for FC6 was available for FC6 on rpmfind.net, so I installed it.


 


[root@FC6DELL connectors]# rpm -Uvh /home/steven/libXp-1.0.0-8.i386.rpm
warning: /home/steven/libXp-1.0.0-8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing... ########################################### [100%]
1:libXp ########################################### [100%]
[root@FC6DELL connectors]# service coldfusionmx7 restart

But of course this is Fedora, which now uses yum to install patches, so for demonstration I removed the libXp rpm and used yum to install instead, which is much easier:


 


[root@FC6DELL ~]# rpm -e libXp
[root@FC6DELL ~]# yum install libXp
...
Installing: libXp ######################### [1/1]
Installed: libXp.i386 0:1.0.0-8
Complete!

And with this library installed ColdFusion now started properly without the graphing service error and I was able to complete the Setup Wizard in the browser.


Problem 3: Change in /etc/hosts syntax affects connector installation


At this point I wanted to explore configuring Apache 2.2, default on the system and known to not work with the CFMX 7.0x releases, although a hotfix is avialable. Just to see how a unexpecting user might encounter the problem, I attempted to configure Apache as is.


Here's the version info and location of binaries needed to to run the connector script:


 


[root@FC6DELL bin]# rpm -q httpd
httpd-2.2.3-5
[root@FC6DELL bin]# which httpd
/usr/sbin/httpd
[root@FC6DELL bin]# httpd -v
Server version: Apache/2.2.3
Server built: Sep 11 2006 09:43:05
[root@FC6DELL bin]# which apachectl
/usr/sbin/apachectl

ColdFusion ships with some example scripts which can be modified for commandline installation of the external webserver connector. In the {cf_root}/bin/connectors directory I selected the apache_connector.sh script for modification based on the location of Apache binaries on my system (in /usr/sbin/):


 


[root@FC6DELL bin]# cd connectors/
[root@FC6DELL connectors]# cat apache_connector.sh

#!/bin/sh

#
# Configure the Apache connector.
# -dir should be the *directory* which contains httpd.conf
# -bin should be the path to the apache *executable*
# -script should be the path to the script which is used to
# start/stop apache
#
../../runtime/bin/wsconfig
-server coldfusion
-ws apache
-dir /etc/httpd/conf
-bin /usr/sbin/httpd
-script /usr/sbin/apachectl
-coldfusion

exit $#

Saving the file and running it, I encountered the following problem which suggests possible causes:


 


[root@FC6DELL connectors]# ./apache_connector.sh
Could not connect to any JRun/ColdFusion servers on host localhost.
Possible causes:
o Server not running
-Start Macromedia JRun4 or ColdFusion MX server
o Server running
-JNDI listen port in jndi.properties blocked by TCP/IP filtering or firewall
on server
-host restriction in security.properties blocking communication with server
[root@FC6DELL connectors]#

I've done this enough times to know that everything should be in place and should be working, so perhaps there is a new problem. I tested with the firewall on and off (I must have installed with pretty liberal iptables rules because connections to ports on localhost were not being blocked, and I confirmed with the command iptables -nvL to show the rules, something I'll tighten up later). I also checked to confirm the server was running and that the JNDI port was being listened to (2920 as defined in SERVER-INF/jndi.properties):


 


[root@FC6DELL ~]# netstat -antp | grep "cfmx7"
tcp 0 0 :::51011   :::*   LISTEN 3971/cfmx7
tcp 0 0 :::2920   :::*   LISTEN 3971/cfmx7
tcp 0 0 :::1099   :::*   LISTEN 3971/cfmx7
tcp 0 0 :::45742   :::*   LISTEN 3971/cfmx7
tcp 0 0 :::8500   :::*   LISTEN 3971/cfmx7

Knowing that part of the problem with running the wsconfig connector tool might be hostname problems and such, I checked /etc/sysconfig/network, check the output of hostname, and checked the contents of /etc/hosts. In /etc/hosts I found a new syntax which surprised me. Normally it follows the syntax of "{ip} {hostname} {alias}", but this one looked like this:


 


[root@FC6DELL connectors]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
::1 FC6DELL localhost.localdomain localhost

I'll look into the new syntax, but for now I changed it back to what I know:


 


[root@FC6DELL connectors]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
#::1 FC6DELL localhost.localdomain localhost
127.0.0.1 FC6DELL localhost

At this point wsconfig was producing the same error as above, so based on past experience I took a guess that ColdFusion had cached the earlier host entry, and then restarted ColdFusion.


 


[root@FC6DELL connectors]# service coldfusionmx7 restart
Restarting ColdFusion MX 7...
Stopping ColdFusion MX 7, please wait
Stopping coldfusion server.stopped
ColdFusion MX 7 has been stopped
Starting ColdFusion MX 7...
The ColdFusion MX 7 server is starting up and will be available shortly.

Problem 4: Configuring Apache 2.2


Running the apache_connector.sh script again worked... sort of:


 


[root@FC6DELL connectors]# ./apache_connector.sh
Server version: Apache/2.2.3
apachectl: Configuration syntax error, will not run "restart":
httpd: Syntax error on line 872 of /etc/httpd/conf/httpd.conf: Cannot load /opt/coldfusionmx7/runtime/lib/wsconfig/1/mod_jrun20.Error running "/usr/sbin/apachectl restart": exit code was 1
Error restarting Apache server. The web server must be restarted to complete this operation.
so into server: /opt/coldfusionmx7/runtime/lib/wsconfig/1/mod_jrun20.so: undefined symbol: ap_run_http_method

The wsconfig tool did its thing and installed the connector, but now Apache wouldn't start because the connector module library was made for Apache 2.0, not 2.2, hence the undefined symbol: ap_run_http_method message returned.


As alluded to earlier, there is a hotfix containing a connector module appropriate for Apache 2.2, so I proceded with hotfix installation.


 


[root@FC6DELL lib]# pwd
/opt/coldfusionmx7/runtime/lib
[root@FC6DELL lib]# ls -l wsconfig.jar
-rwxrwxr-x 1 nobody root 2419011 Oct 12 11:49 wsconfig.jar
[root@FC6DELL lib]# mv wsconfig.jar wsconfig.apache20.jar
[root@FC6DELL lib]# unzip wsconfig.zip
Archive: wsconfig.zip
inflating: wsconfig.jar
[root@FC6DELL lib]# ls -l wsconfig.jar
-rw-rw-rw- 1 root root 2519507 May 18 2006 wsconfig.jar

Then with the new wsconfig.jar, I removed all traces of the bad connector, then ran the connector installation script again...


 


[root@FC6DELL connectors]# ./apache_connector.sh
Server version: Apache/2.2.3
apachectl: Configuration syntax error, will not run "restart":
Restarted Apache server
The Apache connector was installed to /etc/httpd/conf
Syntax OK

Success, ok, sort of. So the connector got installed again, and the Apache 2.2 problem was solved, but now there's something else causing Apache to not start when configured to load the connector module:


 


[root@FC6DELL connectors]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [FAILED]

Problem 5: SELinux prohibits Apache from loading ColdFusion connector


Having past experience with SELinux and "Permission Denied" problems when the connector module is not in the same security context as the httpd binary, I checked the logs for SELinux messages:


 


[root@FC6DELL connectors]# tail /var/log/messages | grep jrun
Dec 3 18:16:07 FC6DELL kernel: audit(1165360567.583:44): avc: denied { execute } for pid=11436 comm="httpd" name="mod_jrun22.so" dev=hda3 ino=687741 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file
Dec 3 18:18:20 FC6DELL kernel: audit(1165360700.363:46): avc: denied { execute } for pid=11488 comm="httpd" name="mod_jrun22.so" dev=hda3 ino=687741 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file
[root@FC6DELL connectors]#

The culprit is SELinux, as identified by the avc: denied message regarding httpd. As a quick test, I momentarily turned off SELinux on the fly, tested a httpd restart, then turned it back on for another test:


 


[root@FC6DELL connectors]# setenforce 0
[root@FC6DELL connectors]# service httpd start
Starting httpd: [ OK ]
[root@FC6DELL connectors]# service httpd stop
Stopping httpd: [ OK ]
[root@FC6DELL connectors]# setenforce 1
[root@FC6DELL connectors]# service httpd start
Starting httpd: [FAILED]
[root@FC6DELL connectors]#

This confirmed that SELinux was blocking Apache from loading the ColdFusion connector module. Following my earlier instructions, I used chcon to change the security context of the connector module to be the same as the httpd binary:


 


[root@FC6DELL connectors]# chcon --reference=/usr/sbin/httpd /opt/coldfusionmx7/runtime/lib/wsconfig/1/mod_jrun22.so
[root@FC6DELL connectors]# ls -lZ /opt/coldfusionmx7/runtime/lib/wsconfig/1/mod_jrun22.so
-rwxr-xr-x root root system_u:object_r:httpd_exec_t /opt/coldfusionmx7/runtime/lib/wsconfig/1/mod_jrun22.so
[root@FC6DELL connectors]# ls -lZ /usr/sbin/httpd
-rwxr-xr-x root root system_u:object_r:httpd_exec_t /usr/sbin/httpd
[root@FC6DELL connectors]# service httpd start
Starting httpd: [FAILED]

But what happened? I fully expected this solution to resolve the problem, but no. I continued to get SELinux errors when attempting to start Apache.


Fedora Core 6 has a utility avaiable (but not installed on my system) called setroubleshoot which runs as a daemon and attempts to intercept SELinux messages for clarification. It installs with a utility that can be run in GUI or CLI mode called sealert which is supposed to pop up a balloon to notify the user when an SELinux deny message is logged.


Based on Dan Walsh's blog entry I installed the utility:


 


[root@FC6DELL ~]# yum install setroubleshoot
...
[root@FC6DELL ~]# service setroubleshoot start
Starting setroubleshootd: [ OK ]
[root@FC6DELL ~]# sealert
could not attach to desktop process

Unfortunately, the sealert utility would not start in GUI mode. Checking the logs again, I found an improved version of the SELinux deny message:


 


[root@FC6DELL ~]#
[root@FC6DELL ~]# service httpd start
Starting httpd: [FAILED]
[root@FC6DELL ~]# tail -1 /var/log/messages
Dec 3 13:08:47 FC6DELL setroubleshoot: SELinux is preventing the /usr/sbin/httpd from using potentially mislabeled files (httpd_t). For complete SELinux messages. run sealert -l 4d2a3d5e-cb8f-4f16-8fc6-c09247d09d25
[root@FC6DELL ~]#

The error is more intuitive, and recommends a specific command to generated detailed information based on that particular entry:


 


[root@FC6DELL ~]# sealert -l 4d2a3d5e-cb8f-4f16-8fc6-c09247d09d25
Summary
SELinux is preventing the /usr/sbin/httpd from using potentially mislabeled
files (httpd_t).

Detailed Description
SELinux has denied the /usr/sbin/httpd access to potentially mislabeled
files . This means that SELinux will not allow http to use these
files. Many third party apps install html files in directories that SELinux
policy can not predict. These directories have to be labeled with a file
context which httpd can accesss.

Allowing Access
If you want to change the file context of so that the httpd daemon
can access it, you need to execute it using chcon -t
httpd_sys_content_t.. You can look at the httpd_selinux man page
for additional information.

Additional Information:

Source Context: user_u:system_r:httpd_t
Target Context: user_u:system_r:httpd_t
Target Objects: None [ process ]
Affected RPM Packages: httpd-2.2.3-5 [application]
Policy RPM: selinux-policy-2.3.18-10
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.httpd_bad_labels
Host Name: FC6DELL
Platform: Linux FC6DELL 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:54:20 EDT 2006 i686 i686
Alert Count: 4
Line Numbers:

Raw Audit Messages:

avc: denied { execstack } for comm="httpd" egid=0 euid=0 exe="/usr/sbin/httpd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=3574 scontext=user_u:system_r:httpd_t:s0 sgid=0 subj=user_u:system_r:httpd_t:s0 suid=0 tclass=process tcontext=user_u:system_r:httpd_t:s0 tty=(none) uid=0

While having all this information is a big improvement for SELinux administration, I was still baffled especially since the Source Context and the Target Context were identical.


Consulting the man pages for httpd_selinux, I found some hints for how to manually configure specific security contexts on files:


 


httpd_selinux(8) httpd Selinux Policy documentation httpd_selinux(8)

NAME
httpd_selinux - Security Enhanced Linux Policy for the httpd daemon

DESCRIPTION
Security-Enhanced Linux secures the httpd server via flexible mandatory access control.

FILE_CONTEXTS
SELinux requires files to have an extended attribute to define the file type. Policy governs the access daemons have to these files. SELinux httpd policy is very flexible allowing
users to setup their web services in as secure a method as possible.

The following file contexts types are defined for httpd:
...
httpd_unconfined_script_exec_t
- Set cgi scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for a very complex httpd scripts, after exhausting all other options. It is better to use this script rather than turning off SELinux protection for httpd.

There were many FILE_CONTEXTS listed which I omit here, but the most extreme option is shown, httpd_unconfined_script_exec_t. I decided to try that security context first, knowing that if it worked I could change it to one of the more restrictive options. The httpd_unconfined_script_exec_t option effectly disables SELinux for the executable script. Yes, the connector module is not a web cgi script, but its the least restrictive of all the http security context options, so why not?


 


[root@FC6DELL ~]# chcon -t httpd_unconfined_script_exec_t /opt/coldfusionmx7/runtime/lib/wsconfig/1/mod_jrun22.so
[root@FC6DELL ~]# ls -Z /opt/coldfusionmx7/runtime/lib/wsconfig/1/mod_jrun22.so
-rwxr-xr-x root root system_u:object_r:httpd_unconfined_script_exec_t /opt/coldfusionmx7/runtime/lib/wsconfig/1/mod_jrun22.so

Drumroll please.... Restart Apache, and....


 


[root@FC6DELL ~]# service httpd start
Starting httpd: [FAILED]
[root@FC6DELL ~]# tail -1 /var/log/messages
Dec 3 13:30:12 FC6DELL setroubleshoot: SELinux is preventing the /usr/sbin/httpd from using potentially mislabeled files (httpd_t). For complete SELinux messages. run sealert -l 4d2a3d5e-cb8f-4f16-8fc6-c09247d09d25

Doh!


Still, Apache will not start. For now, until I figure this out, I will have to put SELinux in permissive mode when using Apache for ColdFusion. Again this is done on the fly with setenforce 0, or the /etc/selinux/config file can be modified to put SELinux in permissive mode rather than enforcing mode. Permissive mode prohibits nothing but only logs warnings about what would have been prohibited if it were enforcing. (Do not totally disable SELinux as new files created will not be able to participate in SELinux if it is later re-enabled).


The very purpose of setroubleshoot was to improve SELinux usability because it has been known to be so baffling to sysadmins that they would just turn it off always. But here we are again with a disabled SELinux because all known solutions (known to me at least) fail to resolve the unwanted security conflict.


Red Hat Magazine has had some reviews of Fedora Core 6, and it was mentioned that an upcoming article will contain more information about the supposed ease of SELinux administration.... we'll see about that.


Summary


To summarize this article, the problems required to be resolved for running ColdFusion on Fedora included:


 



  • Problem 1: Hacking the coldfusion install binary in order to remove the error about libc.so.6
    Solution: Run the string replace command shown above to rewrite the install file

  • Problem 2: Installing the libXp library to resolve the Graphing Service error
    Solution: yum install libXp

  • Problem 3: Adjusting the /etc/hosts syntax to permit wsconfig to run
    Solution: replace "::1" with 127.0.0.1 in /etc/hosts

  • Problem 4: Installing the wsconfig hotfix to get support for Apache 2.2
    Solution: install the wsconfig hotfix for Apache 2.2


Unresolved problems included:


 



  • Problem 5: Changing the security context on the connector module for httpd to start. Apache cannot be used with ColdFusion unless SELinux is off or until the context change can be made correctly
    Workaround: setenforce 0

  • Using the sealert utility in GUI mode


핑백

  • wsconfig exe entry point not found 2008-05-11 11:40:50 #

    ... is point wsconfig was producing the same error as above, so based on past ...http://magicwand.egloos.com/1778904Macromedia.com: A Redesign Done Right ... or, How To Eat Your Own Dog ... ... more

덧글

댓글 입력 영역