I have installed a minimal new Rocky Linux 10.1 system and tried to set up the new beta release on it. I followed the "The Perfect Server CentOS 8" guide with some adjustments (if you're interested I can show you how I did it) and installed all functionality except some functions I don't usually use, such as mod_python, metronome, mailman.

The "php -q install.php" went through without problems. The first problem happened when I tried to access the ISPC panel: blank panel. This is what I get from the log:

The folder is writable for the ispconfig user, like on another working system, therefore this is not the problem. I have also set it to 777 permissions but nothing changed. So I have commented out the three lines 158, 159, 160 and the ISPC panel appeared.

Now everything seems to be working and I can continue with the tests. I'll let you know.

Dario

Do you maybe have SELinux on? If yes, you could try:

Code:

# Check if SELinux is enforcing
getenforce
# If it shows "Enforcing", set the correct SELinux context:
chcon -R -t httpd_sys_rw_content_t /usr/local/ispconfig/interface/temp
# Make it persistent across relabels:
semanage fcontext -a -t httpd_sys_rw_content_t "/usr/local/ispconfig/interface/temp(/.*)?"
restorecon -Rv /usr/local/ispconfig/interface/temp

Or try to temporarily disable SELinux to see if the issue goes away then:

Code:

setenforce 0
# Then reload the panel - if it works, SELinux was the issue
setenforce 1  # Re-enable and apply the fix above

and also check the SELinux log:

Code:

ausearch -m avc -ts recent | grep ispconfig

I have investigated the problem with strace and the result is this:

Code:

access("/usr/local/ispconfig/interface/lib/classes/IDS/../../../temp", W_OK) = -1 EROFS (Read-only file system)

but the filesystem is rw:

Code:

[root@s-ispc ~]# df /usr/local/ispconfig/interface/lib/classes/IDS/../../../temp
File system           1K-blocchi   Usati Disponib. Uso% Montato su
/dev/mapper/ispc-root    6225920 3104616   3121304  50% /
[root@s-ispc ~]# mount |grep ' / '
/dev/mapper/ispc-root on / type xfs (rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,usrquota,grpquota)

I tried with sudo as the Apache working user (ispconfig), but the folder is writable:

Code:

[root@s-ispc ~]# sudo -u ispconfig bash
bash-5.2$ cd /usr/local/ispconfig/interface/lib/classes/IDS/../../../temp
bash-5.2$ pwd
/usr/local/ispconfig/interface/temp
bash-5.2$ touch test
bash-5.2$ ls -l test
-rw-r--r-- 1 ispconfig ispconfig 0 5 gen 21.23 test
bash-5.2$ rm test
bash-5.2$

I have also tried to write a file with this simple code:

Code:

if (!is_writeable($tmpPath)) {
    echo "Not writable '$tmpPath' path";
    //throw new \InvalidArgumentException("Please make sure the folder '$tmpPath' is writable");
    //$file = $tmpPath . "/people.txt";
    $file = '/opt/tmp/people.txt';
    // Open the file to get existing content
    $current = file_get_contents($file);
    // Append a new person to the file
    $current .= "John Smith\n";
    // Write the contents back to the file
    file_put_contents($file, $current);
}

If I point the test file to '/opt/tmp/people.txt' the file is written. If I try to point it under $tmpPath . "/people.txt"; I get:

Code:

6166 openat(AT_FDCWD, "/usr/local/ispconfig/interface/temp/people.txt", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 EROFS (Read-only file system)

Unfortunately I don't understand why I get this error. Could it be due to quota activation? Any suggestions?

Many thanks

Thanks Till. The new RHEL systemd hardening is what causes the issue. I have adopted solution A:

Code:

sudo tee /etc/systemd/system/httpd.service.d/ispconfig.conf >/dev/null <<'EOF'
[Service]
ReadWritePaths=/usr/local/ispconfig/interface/temp
EOF
sudo systemctl daemon-reload
sudo systemctl restart httpd
# Check
sudo systemctl show httpd -p ProtectSystem -p ReadWritePaths -p ReadOnlyPaths
ReadWritePaths=/usr/local/ispconfig/interface/temp
ReadOnlyPaths=
ProtectSystem=yes
# Restore
sudo cp -a /usr/local/ispconfig/interface/lib/classes/IDS/Monitor.php.orig /usr/local/ispconfig/interface/lib/classes/IDS/Monitor.php

although I think it would be better to adopt solution C. Now I have replaced the original file and the ispconfig panel works again without problems. I'll keep checking.
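
Added example (not from the original posts): the strace EROFS and the host's rw mount line do not contradict each other, because with ProtectSystem=yes httpd runs in its own mount namespace where /usr is read-only. The sketch below resolves a path against mountinfo text; the function names and the three mountinfo samples are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads mountinfo text on stdin and prints "ro" or "rw" for the
# mount that covers PATH, using the per-mount options (field 6), which is where
# a read-only bind mount set up by systemd shows up.
mount_flag() {
    awk -v path="$1" '
    {
        mp = $5; opts = $6
        # A mount covers PATH if it is "/", is PATH itself, or is a parent directory.
        if (mp == "/" || path == mp || index(path, mp "/") == 1) {
            # Longest mount point wins; on a tie the later line is mounted on top.
            if (length(mp) >= best) {
                best = length(mp)
                flag = (("," opts ",") ~ /,ro,/) ? "ro" : "rw"
            }
        }
    }
    END { print flag }'
}

# Constructed sample: host namespace, matching the "mount | grep" output above.
host_ns() { cat <<'EOF'
29 1 253:0 / / rw,relatime - xfs /dev/mapper/ispc-root rw,attr2,inode64
EOF
}

# Constructed sample: httpd namespace with ProtectSystem=yes (/usr bind-mounted ro).
service_ns_before() { host_ns; cat <<'EOF'
505 29 253:0 /usr /usr ro,relatime - xfs /dev/mapper/ispc-root rw,attr2,inode64
EOF
}

# Constructed sample: same namespace once the ReadWritePaths= drop-in is active.
service_ns_after() { service_ns_before; cat <<'EOF'
506 505 253:0 /usr/local/ispconfig/interface/temp /usr/local/ispconfig/interface/temp rw,relatime - xfs /dev/mapper/ispc-root rw,attr2,inode64
EOF
}

P=/usr/local/ispconfig/interface/temp
echo "host:           $(host_ns | mount_flag "$P")"
echo "httpd (before): $(service_ns_before | mount_flag "$P")"
echo "httpd (after):  $(service_ns_after | mount_flag "$P")"

# On a live system, read the service's own view instead of the samples:
#   mount_flag "$P" < "/proc/$(systemctl show -p MainPID --value httpd)/mountinfo"
```

A root shell or `sudo -u ispconfig bash` runs in the host namespace, which is why the `touch test` check succeeded while PHP under httpd got EROFS.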