Le 17-10-2018, à 05:38:11 +0000, Steve Kemp a écrit :
To recap you reported the original error:
apache2: Could not open configuration file /etc/apache2/apache2.conf:
Permission denied
Now you've provided more details, from your audit-log:
type=AVC msg=audit(1539750555.347:77): apparmor="DENIED"
operation="open" profile="/usr/sbin/apache2"
name="/etc/apache2/apache2.conf" pid=17485 comm="apache2"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
There you see "DENIED" along with "exit=-13". You can lookup
the meaning of "-13" via this command but I'll guess it correpondes to
EPERM ("permission denied"):
ausearch --interpret --exit -13
In conclusion: You're using apparmor, it prevented the process from
opening the configuration file, which stopped the service from starting.
That was logged explicitly :)
Good point. But since I have not explicitly installed apparmor and thus
don't know how to use it (was installed during an update I guess), I
didn't really bothered.
To fix this either:
1. Fix apparmor so that you can open the file.
2. Disable apparmor.
The first might be as simple as `systemctl restart apparmor.service`,
that's working on the basis that:
Didn't work, same error message.
* You had apparmor installed.
* You've now just installed apache.
To be correct, I just reinstalled it.
Stopped apparmor then tried to start apache2, but same problem.
* This will have given you new apparmor rules.
* But they won't be loaded because apparmor wasn't reloaded.
* So apache failed.
I'm not 100% sure if that is the case, but it seems likely. If not
you'll need to do some reading. Perhaps start here:
https://wiki.debian.org/AppArmor
Yeah, I think I'm gonna have to do that.
But I must say it's a bit shitty because "before", all I had to do to
run apache was 'apt install apache2'. Don't understand why this apparmor
thing is screwing my habits…
Thanks for your help and pointers.
Steve
