Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 746140 - www-servers/apache with apparmor - /etc/init.d/apache2 fails to restart: Permission denied: AH00057: sending signal to server
Summary: www-servers/apache with apparmor - /etc/init.d/apache2 fails to restart: Perm...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Apache Team - Bugzilla Reports
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-02 13:31 UTC by onkobu
Modified: 2021-04-28 19:22 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description onkobu 2020-10-02 13:31:20 UTC
With a default apparmor configuration and apparmor running (as a boot service) apache2 restart failes with Permission denied: AH00057: sending signal to server.

Setting /usr/sbin/apache2 to complain (aa-complain) or trying aa-logprof the following rule is suggested:

signal send set=term peer=unconfined,

The current rule regarding signals is

signal (send) peer=@{profile_name}//*,

Which would also be converted to send without braces (through aa-logprof). After auto-adjustment through aa-logprof, changing both rules, /etc/init.d/apache2 restart works as expected.

Apache package version is 2.4.46 and AppArmor 2.13.4. Kernel version is 5.4.60.

Reproducible: Always

Steps to Reproduce:
1. enable apparmor, default profiles/ no changes
2. restart apache
3. error message displayed
4. stop apparmor
5. repeat /etc/init.d/apache restart
6. suddenly works
7. re-enable apparmar
8. stops working again, same error
Actual Results:  
/etc/init.d/apache2 restart bails out with Permission denied: AH00057: sending signal to server

Expected Results:  
simply restarts apache