[mod_python] Apache Fails to load mod_python.so with Permission denied error under SELinux

Scott Bratcher scott at 3floors.com
Thu Jan 31 13:47:36 EST 2008 

Thanks Eric,

"setenforce 0" THIS WORKED. Apache started right up

Below are the results of my attempts as you suggested. I think we are  
onto the problem because with SELinux enforced it loads right up.  
However, the chcon command failed to clear up the problem. I'm new to  
SELinux. Is there another possible SELinux related permission that  
may be the solution? It's just mod_python that is giving this problem  
even though all of the others share the same t permission httpd_module.

# ls -Zd modules
drwxr-xr-x  root root system_u:object_r:httpd_modules_t modules/

So I changed the permissions:

# chcon -t texrel_shlib_t /etc/httpd/modules/mod_python.so
# service httpd start
Starting httpd: httpd: Syntax error on line 210 of /etc/httpd/conf/ 
httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/python.conf:  
Cannot load /etc/httpd/modules/mod_python.so into server: /etc/httpd/ 
modules/mod_python.so: cannot restore segment prot after reloc:  
Permission denied
                                                            [FAILED]
# ls -Z /etc/httpd/modules/mod_python.so
-rwxr-xr-x  root root system_u:object_r:textrel_shlib_t /etc/httpd/ 
modules/mod_python.so*



I also tried changing the permissions of the 2.5 site-packages to the  
same permissions as the previously working 2.4 site-packages, plus  
the other listed below, and the still Apache Failure occurs.

# ls -Zd /usr/local/lib/python2.5/site-packages/ /usr/lib/python2.4/ 
site-packages/
drwxr-xr-x  root root system_u:object_r:lib_t           /usr/lib/ 
python2.4/site-packages/
drwxr-xr-x  root root user_u:object_r:lib_t             /usr/local/ 
lib/python2.5/site-packages/

system_u:object_r:lib_t
system_u:object_r:textrel_shlib_t
user_u:object_r:textrel_shlib_t


If you have other tips I'd appreciate any help you can offer.

Scott



On Jan 31, 2008, at 10:13 AM, Eric Brunson wrote:

> Scott Bratcher wrote:
>> Hello all,
>>
>>
>> THE PROBLEM:
>>
>> Starting Apache results in this error:
>>
>> # service httpd start
>> Starting httpd: httpd: Syntax error on line 210 of /etc/httpd/conf/ 
>> httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/ 
>> python.conf: Cannot load /etc/httpd/modules/mod_python.so into  
>> server: /etc/httpd/modules/mod_python.so: cannot restore segment  
>> prot after reloc: Permission denied
>>                                                            [FAILED]
>>
>
> This error message is often related to selinux permissions.
>
> A quick check to see if that is the problem is to disable selinux  
> with the command (as root) "setenforce 0".  If the module then  
> loads correctly, it can be fixed permanently with the command:
>
> chcon -t texrel_shlib_t /etc/httpd/modules/mod_python.so
>
> Then, re-enable selinux with "setenforce 1".
>
> If disabling selinux does not fix the problem, then more  
> investigation is required.
>
> Hope that helps,
> e.
>
>> USING:
>>
>> RHEL5 / SELinux
>> Apache 2.2
>> Python 2.5.1
>> mod_pythonn 3.3.1
>> httpd.conf (not .htaccess)
>>
>>
>> TESTED THUS FAR:
>>
>> .so file exists with same permissions as other modules
>> # ls -Z /etc/httpd/modules/mod_python.so
>> -rwxr-xr-x  root root system_u:object_r:httpd_modules_t /etc/httpd/ 
>> modules/mod_python.so*
>>
>> If I comment out:
>> "#LoadModule python_module modules/mod_python.so"
>> and other related python lines Apache starts just fine without  
>> mod_python.
>> # service httpd start
>> Starting httpd:                                            [  OK  ]
>>
>>
>>
>

More information about the Mod_python mailing list