On 03/24/2010 10:57 PM, Aleksey Tsalolikhin wrote:
Hi. httpd used to work but now does not start up.
Error message:
Starting httpd: Syntax error on line X of /etc/httpd/conf.d/php.conf:
Cannot load /etc/httpd/modules/libphp5.so into server:
libxml2.so.2: failed to map segment from shared object: Permission
denied
I can start httpd if I turn off SElinux, but I want to figure this out
and re-enable
SELinux.
SElinux labels on libxml.so.2.6.26 are OK ( system_u:object_r:lib_t )
and "restorecon -n libxml.so.2.6.26" does not return anything so the
labels match default. (libxml.so.2 is a symlink to 2.6.26)
No recent AVC denied entries in /var/log/audit/audit.log or
/var/log/messages. (One did not get logged when I tried to start httpd
and failed.)
I googled the above error message but all I could find were web pages in Chinese
advising to run restorecon on libxml2.so file or turn off SElinux.
Any suggestions on how to investigate this?
Thanks,
Aleksey
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
I would suspect you have an execmod problem.
Look at
http://people.redhat.com/~drepper/selinux-mem.html
SELinux will allow a badly built library to be loaded by changing its
context to textrel_shlib_t.
You could try
chcon -t texrel_shlib_t libxml.so.2.6.26
And see if SELinux allows the access.
If you are getting no avc messages they could be dontaudited. Although
I would be surprised.
# semodule -DB
Will turn off the dontauditrules. This will generate AVC messages for
all blocked access.
You can turn the rules back on by executing
# semodule -B