Thruk not loading - Getting Permission issue from Thruk 3.10 after fresh installation on Alma 8.9 OS

[sjose1x]

Describe the bug
Getting the below error after the fresh installation of Thruk 3.10 on Alma 8.9 OS

[Tue Apr 02 22:15:25.086863 2024] [core:notice] [pid 118295:tid 140008009054528] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Apr 02 22:15:25.087984 2024] [suexec:notice] [pid 118295:tid 140008009054528] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 144.54.110.34. Set the 'ServerName' directive globally to suppress this message
[Tue Apr 02 22:15:25.425412 2024] [lbmethod_heartbeat:notice] [pid 118295:tid 140008009054528] AH02282: No slotmem from mod_heartmonitor
[Tue Apr 02 22:15:25.428054 2024] [http2:warn] [pid 118295:tid 140008009054528] AH02951: mod_ssl does not seem to be enabled
[Tue Apr 02 22:15:25.433350 2024] [mpm_event:notice] [pid 118295:tid 140008009054528] AH00489: Apache/2.4.37 (AlmaLinux) mod_fcgid/2.3.9 configured -- resuming normal operations
[Tue Apr 02 22:15:25.433391 2024] [core:notice] [pid 118295:tid 140008009054528] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
Can't open /var/log/thruk/thruk.log (Permission denied) at /usr/lib64/thruk/perl5/Log/Log4perl/Appender/File.pm line 151.
[Tue Apr 02 22:16:30.869811 2024] [fcgid:warn] [pid 118303:tid 140007033513728] (104)Connection reset by peer: [client 130.141.153.20:50866] mod_fcgid: error reading data from FastCGI server
[Tue Apr 02 22:16:30.869867 2024] [core:error] [pid 118303:tid 140007033513728] [client 130.141.153.20:50866] End of script output before headers: fcgid_env.sh

Installation steps

dnf install -y libthruk-3.00-0.rhel8.x86_64.rpm
dnf install -y thruk-base-3.10-12645.1.rhel8.x86_64.rpm
dnf install -y thruk-3.10-12645.1.rhel8.x86_64.rpm
dnf install -y thruk-plugin-reporting-3.10-12645.1.rhel8.x86_64.rpm

File Permission

[root@test-thruk]# ll /var/log/thruk/thruk.log
-rw-rw-rw-. 1 apache apache 219 Apr  2 22:20 /var/log/thruk/thruk.log

Thruk Version
Version of Thruk - 3.10 (Standalone installation)

Audit Log

type=AVC msg=audit(1712077626.209:1718): avc:  denied  { setattr } for  pid=119460 comm="thruk_fastcgi.p" name="thruk" dev="dm-0" ino=136248752 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1712077626.209:1718): arch=c000003e syscall=92 success=no exit=-13 a0=5612cbcf7ca0 a1=ffffffff a2=30 a3=5612cbb4dd40 items=0 ppid=118301 pid=119460 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="thruk_fastcgi.p" exe="/usr/bin/perl" subj=system_u:system_r:httpd_t:s0 key=(null)ARCH=x86_64 SYSCALL=chown AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=PROCTITLE msg=audit(1712077626.209:1718): proctitle=2F7573722F62696E2F7065726C002F7573722F73686172652F746872756B2F7363726970742F746872756B5F666173746367692E706C
type=USER_AVC msg=audit(1712077626.253:1719): pid=880 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus.Properties member=GetAll dest=org.freedesktop.timedate1 spid=119463 tpid=119464 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:timedatex_t:s0 tclass=dbus permissive=0  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus"
type=SERVICE_START msg=audit(1712077626.253:1720): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=timedatex comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=AVC msg=audit(1712077626.290:1721): avc:  denied  { open } for  pid=119460 comm="thruk_fastcgi.p" path="/var/log/thruk/thruk.log" dev="dm-0" ino=69514599 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1712077626.290:1721): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5612cd6672f0 a2=441 a3=1b6 items=0 ppid=118301 pid=119460 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="thruk_fastcgi.p" exe="/usr/bin/perl" subj=system_u:system_r:httpd_t:s0 key=(null)ARCH=x86_64 SYSCALL=openat AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=PROCTITLE msg=audit(1712077626.290:1721): proctitle=2F7573722F62696E2F7065726C002F7573722F73686172652F746872756B2F7363726970742F746872756B5F666173746367692E706C
type=SERVICE_START msg=audit(1712077627.006:1722): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=setroubleshootd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"

Expected behavior
Thruk should be loading

Error Info From Browser

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log

Desktop (please complete the following information):

• chrome, edge
• latest

Additional context
there are no error message in the /var/log/thruk/thruk.log file

[sni]

sounds like a selinux issue, could you try to disable selinux temporarily with setenforce 0.

[sjose1x]

Yes, it worked with setenforce 0 ..., but how can we achieve it without disabling selinux

[sni]

tbh, i never spend much time on selinux. You need to find the missing roles and apply them to the httpd. If you found out how to get thruk working with selinux, let me know and i will document it somewhere.