[mod_python] Apache Fails to load mod_python.so with Permissiondenied error under SELinux

Eric Brunson brunson at brunson.com
Thu Jan 31 19:34:31 EST 2008 

What distro are you running?  Did you install from a package or from 
source?  I have RHEL5, CentOS5 and Fedora 8 machines and they all have 
no problem with selinux and loading mod_python.so.

Just curious.

Scott Bratcher wrote:
> Thanks Eric and Tom,
>
> Unresolved however. I did some permissions tests based on your feedback.
>
>
> I'm chasing this issue as though it is a permissions issue and have 
> identified SELinux as the hold-up. I've tried all of these permission 
> sets on the modules actual folder and the modules symlinked folder.
> I did both directories just in case the permissions trickle down to 
> the actual files being loaded by mod_python itself:
>
> # chcon -R -h -u system_u -r object_r -t httpd_sys_content_t 
> /usr/lib/httpd/modules /etc/httpd/modules
> # chcon -R -h -u user_u -r object_r -t httpd_sys_content_t 
> /usr/lib/httpd/modules /etc/httpd/modules
> # chcon -R -h -u user_u -r object_r -t httpd_modules_t 
> /usr/lib/httpd/modules /etc/httpd/modules
> # chcon -R -h -u system_u -r object_r -t httpd_modules_t 
> /usr/lib/httpd/modules /etc/httpd/modules ((( This one is the original 
> permission of all apache modules)))
> # chcon -R -h -u system_u -r object_r -t lib_t /usr/lib/httpd/modules 
> /etc/httpd/modules
> # chcon -R -h -u system_u -r object_r -t shlib_t 
> /usr/lib/httpd/modules /etc/httpd/modules
> # chcon -R -h -u system_u -r object_r -t textrel_shlib_t 
> /usr/lib/httpd/modules /etc/httpd/modules
>
> All gave this error:
> ----------
> # service httpd start
> Starting httpd: httpd: Syntax error on line 210 of 
> /etc/httpd/conf/httpd.conf: Syntax error on line 6 of 
> /etc/httpd/conf.d/python.conf: Cannot load 
> /etc/httpd/modules/mod_python.so into server: 
> /etc/httpd/modules/mod_python.so: cannot restore segment prot after 
> reloc: Permission denied
>                                                            [FAILED]
> ----------
>
> ---> This is the only one that gave me a different error.
> ----------
> # chcon -R -h -u system_u -t textrel_shlib_t /usr/lib/httpd/modules 
> /etc/httpd/modules
> # service httpd start
> Starting httpd: httpd: Syntax error on line 148 of 
> /etc/httpd/conf/httpd.conf: Cannot load 
> /etc/httpd/modules/mod_auth_basic.so into server: 
> /etc/httpd/modules/mod_auth_basic.so: cannot open shared object file: 
> Permission denied
>                                                            [FAILED]
> ----------
>
>
> ****AGAIN I MUST NOTE: All is solved by turning off SELinux and/or All 
> is solved by not loading mod_python. All other modules loaded just 
> fine with their original permissions which matched mod_python exactly.
>
>
>
>
> Scott
>
>
>
> On Jan 31, 2008, at 1:42 PM, Tom Stambaugh wrote:
>
>> The incantation that I use (for solving different problems, though) is:
>>
>> chcon -R -h -t httpd_sys_content_t <filename>
>>
>> I think the "-R" makes it recurse to all children, and I think the
>> "httpd_sys_content_t" is more permissive (though that could be 
>> mistaken).
>> The -h causes it to apply to sym links.
>>
>> Afterwords, I get:
>>
>> #ls -lZ adminuser
>> -rw-rw-r--  zeetix   zeetix   user_u:object_r:httpd_sys_content_t 
>> <filename>
>>
>> I use Fedora core3/core4 linux, so YMMV.
>>
>> Thx,
>> Tom
>>
>>
>>>
>>
>>
>

More information about the Mod_python mailing list