Re: [Mod-security-developers] Geo Lookup Mutex Error
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Geo Lookup Mutex Error
|
From: Phil D. <ux...@sp...> - 2015-10-28 17:26:07
|
Right, after stracing the process I found that a semop() call was failing so when I checked the semaphores I saw: ------ Semaphore Arrays Creators/Owners -------- semid perms cuid cgid uid gid 0 600 root root 4294967295 4294967295 32769 600 root root 4294967295 4294967295 65538 600 root root 4294967295 4294967295 98307 600 root root 4294967295 4294967295 the problem being that the NGINX workers are running as the 'nginx' user therefore unable to write to the semaphore mutex. In https://github.com/SpiderLabs/ModSecurity/blob/master/standalone/server.c I have had to open the permissions up from 0600 to 0666: buf.sem_perm.uid = ap_unixd_config.user_id; buf.sem_perm.gid = ap_unixd_config.group_id; buf.sem_perm.mode = 0666; and once compiled and installed no more permission denied errors are generated by the geo lookup function. Hopefully this can be fixed as I do not like have to open up writes to the world, least it better than running NGINX as root! Thanks, Phil ----- On 28 Oct, 2015, at 16:22, Phil Daws ux...@sp... wrote: > as a test I changed the user that NGINX was running under to be 'root' and the > issue disappeared but obviously cannot leave it that way. > > ----- On 28 Oct, 2015, at 15:28, Phil Daws ux...@sp... wrote: > >> Good day, >> >> I have modsecurity compiled against NGINX 1.9.5 and have enabled the Geo Loopup >> capability. Am having an issue that for error url request a audit entry is >> created with the following: >> >> Message: Geo Lookup: Failed to lock proc mutex: Permission denied >> >> What would cause that error please ? Thanks. Phil >> >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php > > > > ------------------------------------------------------------------------------ > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
