Eric Brunson
brunson at brunson.com
Thu Jan 31 15:00:19 EST 2008
Scott Bratcher wrote:
> Thanks Eric,
>
> "setenforce 0" THIS WORKED. Apache started right up
>
> Below are the results of my attempts as you suggested. I think we are
> onto the problem because with SELinux enforced it loads right up.
> However, the chcon command failed to clear up the problem. I'm new to
> SELinux. Is there another possible SELinux related permission that may
> be the solution? It's just mod_python that is giving this problem even
> though all of the others share the same t permission httpd_module.
>
> # ls -Zd modules
> drwxr-xr-x root root system_u:object_r:httpd_modules_t modules/
>
> So I changed the permissions:
>
> # chcon -t textrel_shlib_t /etc/httpd/modules/mod_python.so
> # service httpd start
> Starting httpd: httpd: Syntax error on line 210 of
> /etc/httpd/conf/httpd.conf: Syntax error on line 6 of
> /etc/httpd/conf.d/python.conf: Cannot load
> /etc/httpd/modules/mod_python.so into server:
> /etc/httpd/modules/mod_python.so: cannot restore segment prot after
> reloc: Permission denied
> [FAILED]
> # ls -Z /etc/httpd/modules/mod_python.so
> -rwxr-xr-x root root system_u:object_r:textrel_shlib_t
> /etc/httpd/modules/mod_python.so*

I'm far from an expert in selinux, so this could be hit and miss. The
google article I was reading may have been out of date; I know selinux
policies have been under heavy development in Fedora and RHEL.

Try:

chcon -t system_u:object_r:httpd_modules_t /etc/httpd/modules/mod_python.so

Later,
e.

>
> I also tried changing the permissions of the 2.5 site-packages to the
> same permissions as the previously working 2.4 site-packages, plus the
> other listed below, and the Apache failure still occurs.
>
> # ls -Zd /usr/local/lib/python2.5/site-packages/
> /usr/lib/python2.4/site-packages/
> drwxr-xr-x root root system_u:object_r:lib_t
> /usr/lib/python2.4/site-packages/
> drwxr-xr-x root root user_u:object_r:lib_t
> /usr/local/lib/python2.5/site-packages/
>
> system_u:object_r:lib_t
> system_u:object_r:textrel_shlib_t
> user_u:object_r:textrel_shlib_t
>
>
> If you have other tips I'd appreciate any help you can offer.
>
> Scott
>
>
>
> On Jan 31, 2008, at 10:13 AM, Eric Brunson wrote:
>
>> Scott Bratcher wrote:
>>> Hello all,
>>>
>>>
>>> THE PROBLEM:
>>>
>>> Starting Apache results in this error:
>>>
>>> # service httpd start
>>> Starting httpd: httpd: Syntax error on line 210 of
>>> /etc/httpd/conf/httpd.conf: Syntax error on line 6 of
>>> /etc/httpd/conf.d/python.conf: Cannot load
>>> /etc/httpd/modules/mod_python.so into server:
>>> /etc/httpd/modules/mod_python.so: cannot restore segment prot after
>>> reloc: Permission denied
>>> [FAILED]
>>>
>>
>> This error message is often related to selinux permissions.
>>
>> A quick check to see if that is the problem is to disable selinux
>> with the command (as root) "setenforce 0". If the module then loads
>> correctly, it can be fixed permanently with the command:
>>
>> chcon -t textrel_shlib_t /etc/httpd/modules/mod_python.so
>>
>> Then, re-enable selinux with "setenforce 1".
>>
>> If disabling selinux does not fix the problem, then more
>> investigation is required.
>>
>> Hope that helps,
>> e.
>>
>>> USING:
>>>
>>> RHEL5 / SELinux
>>> Apache 2.2
>>> Python 2.5.1
>>> mod_python 3.3.1
>>> httpd.conf (not .htaccess)
>>>
>>>
>>> TESTED THUS FAR:
>>>
>>> .so file exists with same permissions as other modules
>>> # ls -Z /etc/httpd/modules/mod_python.so
>>> -rwxr-xr-x root root system_u:object_r:httpd_modules_t
>>> /etc/httpd/modules/mod_python.so*
>>>
>>> If I comment out:
>>> "#LoadModule python_module modules/mod_python.so"
>>> and other related python lines Apache starts just fine without
>>> mod_python.
>>> # service httpd start
>>> Starting httpd: [ OK ]
>>>
>>>
>>>
>>
>
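Added example, not part of the original thread or written by either poster: a small shell helper that reads `ls -Z` output like the listings quoted above and reports every entry whose SELinux user, role or type differs from an expected context, so a mislabeled module or directory stands out without comparing lines by eye. The function name `context_diff` and the sample listings are constructed for illustration (the `mod_alias.so` and `mod_ssl.so` lines are not from the thread).

```shell
#!/bin/sh
# context_diff USER:ROLE:TYPE   (hypothetical helper; reads `ls -Z` lines on stdin)
# Prints one line per component (user, role, type) that differs from the
# expected context. An optional fourth ":level" field is ignored, so both the
# three-part RHEL5 contexts in the thread and four-part contexts are handled.
context_diff() {
    awk -v want="$1" '
    BEGIN { split(want, w, ":"); label[1] = "user"; label[2] = "role"; label[3] = "type" }
    {
        ctx = ""
        # The context is the first field shaped like user:role:type[:level];
        # the file name is the field that follows it.
        for (i = 1; i < NF; i++)
            if ($i ~ /^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+(:.*)?$/) {
                ctx = $i; name = $(i + 1); break
            }
        if (ctx == "") next
        split(ctx, got, ":")
        sub("[*/@]$", "", name)          # drop the trailing file-type marker
        for (k = 1; k <= 3; k++)
            if (got[k] != w[k])
                print name ": " label[k] " " got[k] " (expected " w[k] ")"
    }'
}

# Constructed sample: module listing in the format shown in the thread.
sample_modules() {
cat <<'EOF'
-rwxr-xr-x root root system_u:object_r:httpd_modules_t /etc/httpd/modules/mod_alias.so*
-rwxr-xr-x root root system_u:object_r:textrel_shlib_t /etc/httpd/modules/mod_python.so*
-rwxr-xr-x root root system_u:object_r:httpd_modules_t:s0 /etc/httpd/modules/mod_ssl.so*
EOF
}

# Constructed sample: the two site-packages directories from the thread.
sample_site_packages() {
cat <<'EOF'
drwxr-xr-x root root system_u:object_r:lib_t /usr/lib/python2.4/site-packages/
drwxr-xr-x root root user_u:object_r:lib_t /usr/local/lib/python2.5/site-packages/
EOF
}

sample_modules | context_diff system_u:object_r:httpd_modules_t
sample_site_packages | context_diff system_u:object_r:lib_t
```

On a live system the same function can be fed directly, for example `ls -Z /etc/httpd/modules | context_diff system_u:object_r:httpd_modules_t`.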