OTRS 5 shm error log

Moderator: crythias

manoj99
Znuny newbie
Posts: 41
Joined: 22 Jan 2020, 00:00
Znuny Version: 5.0.42
Real Name: mk99

OTRS 5 shm error log

Post by manoj99 »

Hello,

We recently migrated our OTRS application to CentOS 7 from SUSE 11.

Our new environment stack - CentOS 7 + SeLinux + httpd + mod_perl.

I have recently found that, when a system reboot occurs, we see the error below in the logs, which in turn makes the system log, Agents, Groups and Fetch Mail stop working:

[Error][Kernel::System::Log::new][110] Can't remove shm for log: Invalid argument.

I have read some articles on the internet and found that it's because of shared memory + SELinux.

Using the command below, I can find the shared memory segments:

ipcs -mp

------ Shared Memory Creator/Last-op PIDs --------
shmid owner cpid lpid
1 otrs 9981 23630

Now, when the owner is otrs, it stops working, but when it's apache (httpd) then everything works fine.

So, I try to remove the shmid using this command --> ipcrm -m 1 and that helps to kill the shmid and fall back to owner as "apache" instead of otrs.

I'm looking for a permanent solution for this, when a system reboot occurs, so that the shm error disappears and works perfectly fine.

Any help is appreciated.

Note: we are yet to migrate our product to V6, which is due sometime later.

Thanks,
M.
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: OTRS 5 shm error log

Post by root »

Hi,

I guess your SELINUX is set to enforcing. I recommend using permissive until you have configured a proper profile for your system. Or disable it.

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?

Re: OTRS 5 shm error log

Post by manoj99 »

Hi Roy,

Thanks for the reply. I'm actually looking for a permanent solution rather than just setting it to permissive.

However, I couldn't find any SELinux denial messages with journalctl -t setroubleshoot. Would like to know if that's a bug in OTRS with SELinux enabled for shared memory or something else.

Thanks,
M.

Re: OTRS 5 shm error log

Post by root »

manoj99 wrote: 26 Mar 2021, 19:50
Hi Roy,

Thanks for the reply. I'm actually looking for a permanent solution rather than just setting it to permissive.

However, I couldn't find any SELinux denial messages with journalctl -t setroubleshoot. Would like to know if that's a bug in OTRS with SELinux enabled for shared memory or something else.

Hi M,

This is not really a bug in Znuny/OTRS. It requires disabled SELinux. You should be able to create an SELinux profile from the log files. The shm is needed for the shared log between the daemon and the webserver. The users otrs and apache need to write and read shm.
And I would appreciate a contribution to Znuny regarding this ;-)

- Roy

Re: OTRS 5 shm error log

Post by manoj99 »

Hi Roy,

So with SELinux enabled, how would we create a profile, or what exact label and which specific dir path should have it for shared memory?

Thanks,
M

Re: OTRS 5 shm error log

Post by root »

Hi M,

The easiest way should be creating a profile after running OTRS with SELinux mode permissive.

- Roy

Re: OTRS 5 shm error log

Post by manoj99 »

Hi Roy,

Sorry for the trouble. Like, what in general do you mean by an SELinux profile? Is it a local policy?

Can you provide an example?

Thanks,
M

Re: OTRS 5 shm error log

Post by root »

manoj99 wrote: 12 Apr 2021, 17:44
Sorry for the trouble. Like, what in general do you mean by an SELinux profile? Is it a local policy?

Can you provide an example?

Hi,

Yes, with profile I meant a policy. See the SELinux manual, e.g. this link https://www.ergton.com/how-to-create-se ... entos.html, for how to create a policy.

- Roy

Re: OTRS 5 shm error log

Post by manoj99 »

Thank you Roy. That should help.
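
The policy-from-logs approach suggested in this thread can be reviewed before any module is loaded. The script below is an added example, not code from the thread or from Znuny/OTRS: it summarises shm-class AVC denials per source and target domain, so it is clear which shared-memory permissions a local policy would grant. The audit lines, the domains in them and the function names are constructed assumptions.

```shell
#!/bin/sh
# Constructed audit records (not taken from the thread). The domains, PIDs and
# key= values are assumptions illustrating a webserver/daemon shm conflict.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1616784601.101:310): avc:  denied  { destroy } for  pid=1201 comm="httpd" key=1111 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=shm permissive=1
type=AVC msg=audit(1616784601.102:311): avc:  denied  { unix_read unix_write } for  pid=1201 comm="httpd" key=1111 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=shm permissive=1
type=AVC msg=audit(1616784601.103:312): avc:  denied  { read write } for  pid=1201 comm="httpd" key=1111 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=shm permissive=1
type=AVC msg=audit(1616784602.200:313): avc:  denied  { write } for  pid=1201 comm="httpd" name="example.log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1616784603.300:314): avc:  denied  { destroy } for  pid=1202 comm="httpd" key=1111 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=shm permissive=1
type=AVC msg=audit(1616784604.400:315): avc:  denied  { unix_read unix_write } for  pid=1300 comm="perl" key=2222 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=shm permissive=1
EOF
}

# Read audit records on stdin; print one line per (source, target) domain pair:
#   <source_type> <target_type> <perm> <perm> ...
# Only denials on the shm object class are considered; duplicates are merged.
shm_denials() {
  awk '
    /avc: +denied/ && /tclass=shm( |$)/ {
      src = ""; tgt = ""; inperm = 0; perms = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { inperm = 1; continue }
        if ($i == "}") { inperm = 0; continue }
        if (inperm)    { perms = perms " " $i; continue }
        # A context is user:role:type:level; the type is the third field.
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
      }
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++) print src, tgt, p[j]
    }' | LC_ALL=C sort -u | awk '
    {
      key = $1 " " $2
      if (key != last) { if (NR > 1) printf "\n"; printf "%s", key; last = key }
      printf " %s", $3
    }
    END { if (NR > 0) printf "\n" }'
}

# Stand-alone run over the constructed sample.
sample_audit_log | shm_denials
```

On a real host the input would come from `ausearch -m avc -ts boot` rather than the constructed sample, and the summary can be compared with what `audit2allow` proposes before the module is installed.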