[mod_python] Apache Fails to load mod_python.so with Permission denied error under SELinux

Graham Dumpleton graham.dumpleton at gmail.com
Thu Jan 31 23:10:43 EST 2008


On 01/02/2008, Scott Bratcher <scott at 3floors.com> wrote:
> Thank you for looking in, Graham,
>
> DEPENDENCIES:
> # ldd /etc/httpd/modules/mod_python.so
>          linux-gate.so.1 =>  (0x00b16000)
>          libpthread.so.0 => /lib/libpthread.so.0 (0x00f2d000)
>          libdl.so.2 => /lib/libdl.so.2 (0x00aa7000)
>          libutil.so.1 => /lib/libutil.so.1 (0x00110000)
>          libm.so.6 => /lib/libm.so.6 (0x00114000)
>          libc.so.6 => /lib/libc.so.6 (0x00453000)
>          /lib/ld-linux.so.2 (0x0076d000)
>
> SIZE:
> # ls -fla /etc/httpd/modules/mod_python.so
> -rwxr-xr-x 1 root root 4.1M Jan 31 01:51 /etc/httpd/modules/mod_python.so*
>
> I'm game to reinstall python, how do I check to see if there is a
> libpythonX.Y.so file linked to mod_python.so?

It should appear in that list above.

Check out notes in:

  http://code.google.com/p/modwsgi/wiki/InstallationIssues

This is for mod_wsgi, but it has the same issue with the Python library.

Graham

> On Jan 31, 2008, at 6:51 PM, Graham Dumpleton wrote:
>
> > How big is your:
> >
> >   /etc/httpd/modules/mod_python.so
> >
> > file? If you run ldd on it, what does it output as far as dependencies
> > on shared libraries?
> >
> > One of the problems with some Python installations is that they still
> > do not provide a shared library and so a static library gets embedded
> > in mod_python.so. This results in some messy address relocations having
> > to be done when mod_python.so is loaded. I am wondering whether the
> > 'reloc' mentioned in:
> >
> >   cannot restore segment prot after reloc
> >
> > is the module loading relocations and it is having a problem with
> > that.
> >
> > If there is no libpythonX.Y.so linked to mod_python.so, then reinstall
> > Python using --enable-shared to configure, possibly fix up missing
> > libpythonX.Y.so symlink in Python installed config directory and then
> > rebuild mod_python, see if that makes a difference.
> >
> > Probably nothing to do with this, but if nothing else works. :-)
> >
> > Graham
> >
> > On 01/02/2008, Scott Bratcher <scott at 3floors.com> wrote:
> >> Thanks Eric and Tom,
> >>
> >> Unresolved however. I did some permissions tests based on your
> >> feedback.
> >>
> >>
> >> I'm chasing this issue as though it is a permissions issue and have
> >> identified SELinux as the hold-up. I've tried all of these permission
> >> sets on the modules actual folder and the modules symlinked folder.
> >> I did both directories just in case the permissions trickle down to
> >> the actual files being loaded by mod_python itself:
> >>
> >> # chcon -R -h -u system_u -r object_r -t httpd_sys_content_t /usr/lib/httpd/modules /etc/httpd/modules
> >> # chcon -R -h -u user_u -r object_r -t httpd_sys_content_t /usr/lib/httpd/modules /etc/httpd/modules
> >> # chcon -R -h -u user_u -r object_r -t httpd_modules_t /usr/lib/httpd/modules /etc/httpd/modules
> >> # chcon -R -h -u system_u -r object_r -t httpd_modules_t /usr/lib/httpd/modules /etc/httpd/modules ((( This one is the original permission of all apache modules)))
> >> # chcon -R -h -u system_u -r object_r -t lib_t /usr/lib/httpd/modules /etc/httpd/modules
> >> # chcon -R -h -u system_u -r object_r -t shlib_t /usr/lib/httpd/modules /etc/httpd/modules
> >> # chcon -R -h -u system_u -r object_r -t textrel_shlib_t /usr/lib/httpd/modules /etc/httpd/modules
> >>
> >> All gave this error:
> >> ----------
> >> # service httpd start
> >> Starting httpd: httpd: Syntax error on line 210 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/python.conf: Cannot load /etc/httpd/modules/mod_python.so into server: /etc/httpd/modules/mod_python.so: cannot restore segment prot after reloc: Permission denied
> >>                                                             [FAILED]
> >> ----------
> >>
> >> ---> This is the only one that gave me a different error.
> >> ----------
> >> # chcon -R -h -u system_u -t textrel_shlib_t /usr/lib/httpd/modules /etc/httpd/modules
> >> # service httpd start
> >> Starting httpd: httpd: Syntax error on line 148 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_auth_basic.so into server: /etc/httpd/modules/mod_auth_basic.so: cannot open shared object file: Permission denied
> >>                                                             [FAILED]
> >> ----------
> >>
> >>
> >> ****AGAIN I MUST NOTE: All is solved by turning off SELinux and/or
> >> All is solved by not loading mod_python. All other modules loaded
> >> just fine with their original permissions which matched mod_python
> >> exactly.
> >>
> >>
> >>
> >>
> >> Scott
> >>
> >>
> >>
> >> On Jan 31, 2008, at 1:42 PM, Tom Stambaugh wrote:
> >>
> >>> The incantation that I use (for solving different problems, though)
> >>> is:
> >>>
> >>> chcon -R -h -t httpd_sys_content_t <filename>
> >>>
> >>> I think the "-R" makes it recurse to all children, and I think the
> >>> "httpd_sys_content_t" is more permissive (though that could be
> >>> mistaken).
> >>> The -h causes it to apply to sym links.
> >>>
> >>> Afterwards, I get:
> >>>
> >>> #ls -lZ adminuser
> >>> -rw-rw-r--  zeetix   zeetix   user_u:object_r:httpd_sys_content_t <filename>
> >>>
> >>> I use Fedora core3/core4 linux, so YMMV.
> >>>
> >>> Thx,
> >>> Tom
> >>>
> >>> ----- Original Message -----
> >>> From: "Scott Bratcher" <scott at 3floors.com>
> >>> To: "Eric Brunson" <brunson at brunson.com>
> >>> Cc: <mod_python at modpython.org>
> >>> Sent: Thursday, January 31, 2008 1:47 PM
> >>> Subject: Re: [mod_python] Apache Fails to load mod_python.so with
> >>> Permissiondenied error under SELinux
> >>>
> >>>
> >>>> Thanks Eric,
> >>>>
> >>>> "setenforce 0" THIS WORKED. Apache started right up
> >>>>
> >>>> Below are the results of my attempts as you suggested. I think we are
> >>>> onto the problem because with SELinux enforced it loads right up.
> >>>> However, the chcon command failed to clear up the problem. I'm new to
> >>>> SELinux. Is there another possible SELinux related permission that may
> >>>> be the solution? It's just mod_python that is giving this problem even
> >>>> though all of the others share the same t permission httpd_module.
> >>>>
> >>>> # ls -Zd modules
> >>>> drwxr-xr-x  root root system_u:object_r:httpd_modules_t modules/
> >>>>
> >>>> So I changed the permissions:
> >>>>
> >>>> # chcon -t textrel_shlib_t /etc/httpd/modules/mod_python.so
> >>>> # service httpd start
> >>>> Starting httpd: httpd: Syntax error on line 210 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/python.conf: Cannot load /etc/httpd/modules/mod_python.so into server: /etc/httpd/modules/mod_python.so: cannot restore segment prot after reloc: Permission denied
> >>>>                                                            [FAILED]
> >>>> # ls -Z /etc/httpd/modules/mod_python.so
> >>>> -rwxr-xr-x  root root system_u:object_r:textrel_shlib_t /etc/httpd/modules/mod_python.so*
> >>>>
> >>>>
> >>>>
> >>>> I also tried changing the permissions of the 2.5 site-packages to the
> >>>> same permissions as the previously working 2.4 site-packages, plus the
> >>>> others listed below, and the Apache failure still occurs.
> >>>>
> >>>> # ls -Zd /usr/local/lib/python2.5/site-packages/ /usr/lib/python2.4/site-packages/
> >>>> drwxr-xr-x  root root system_u:object_r:lib_t           /usr/lib/python2.4/site-packages/
> >>>> drwxr-xr-x  root root user_u:object_r:lib_t             /usr/local/lib/python2.5/site-packages/
> >>>>
> >>>> system_u:object_r:lib_t
> >>>> system_u:object_r:textrel_shlib_t
> >>>> user_u:object_r:textrel_shlib_t
> >>>>
> >>>>
> >>>> If you have other tips I'd appreciate any help you can offer.
> >>>>
> >>>> Scott
> >>>>
> >>>>
> >>>>
> >>>> On Jan 31, 2008, at 10:13 AM, Eric Brunson wrote:
> >>>>
> >>>>> Scott Bratcher wrote:
> >>>>>> Hello all,
> >>>>>>
> >>>>>>
> >>>>>> THE PROBLEM:
> >>>>>>
> >>>>>> Starting Apache results in this error:
> >>>>>>
> >>>>>> # service httpd start
> >>>>>> Starting httpd: httpd: Syntax error on line 210 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/python.conf: Cannot load /etc/httpd/modules/mod_python.so into server: /etc/httpd/modules/mod_python.so: cannot restore segment prot after reloc: Permission denied
> >>>>>>
> >>>>>> [FAILED]
> >>>>>>
> >>>>>
> >>>>> This error message is often related to selinux permissions.
> >>>>>
> >>>>> A quick check to see if that is the problem is to disable selinux
> >>>>> with the command (as root) "setenforce 0". If the module then loads
> >>>>> correctly, it can be fixed permanently with the command:
> >>>>>
> >>>>> chcon -t textrel_shlib_t /etc/httpd/modules/mod_python.so
> >>>>>
> >>>>> Then, re-enable selinux with "setenforce 1".
> >>>>>
> >>>>> If disabling selinux does not fix the problem, then more
> >>>>> investigation
> >>>>> is required.
> >>>>>
> >>>>> Hope that helps,
> >>>>> e.
> >>>>>
> >>>>>> USING:
> >>>>>>
> >>>>>> RHEL5 / SELinux
> >>>>>> Apache 2.2
> >>>>>> Python 2.5.1
> >>>>>> mod_python 3.3.1
> >>>>>> httpd.conf (not .htaccess)
> >>>>>>
> >>>>>>
> >>>>>> TESTED THUS FAR:
> >>>>>>
> >>>>>> .so file exists with same permissions as other modules
> >>>>>> # ls -Z /etc/httpd/modules/mod_python.so
> >>>>>> -rwxr-xr-x  root root system_u:object_r:httpd_modules_t /etc/httpd/modules/mod_python.so*
> >>>>>>
> >>>>>> If I comment out:
> >>>>>> "#LoadModule python_module modules/mod_python.so"
> >>>>>> and other related python lines Apache starts just fine without
> >>>>>> mod_python.
> >>>>>> # service httpd start
> >>>>>> Starting httpd:
> >>>>>> [  OK  ]
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>> _______________________________________________
> >>>> Mod_python mailing list
> >>>> Mod_python at modpython.org
> >>>> http://mailman.modpython.org/mailman/listinfo/mod_python
> >>>>
> >>>
> >>>
> >>>
> >>
> >>
>
>
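
Added example, not part of the original thread: a small triage script for the two checks the thread discusses, namely whether a module links a shared libpythonX.Y.so and whether its dynamic section flags text relocations (the "reloc" in the loader error, which SELinux gates with the execmod permission). The function names are hypothetical, the sample inputs are constructed (the first is abridged from the ldd output posted above), and treating a missing libpython dependency as a sign of an embedded static library is a heuristic.

```bash
#!/usr/bin/env bash
# Added example: triage a module for a shared libpython and text relocations.

# Constructed sample: ldd output abridged from the thread (no libpython line).
SAMPLE_LDD_STATIC='  linux-gate.so.1 =>  (0x00b16000)
  libpthread.so.0 => /lib/libpthread.so.0 (0x00f2d000)
  libc.so.6 => /lib/libc.so.6 (0x00453000)'

# Constructed sample: what a build against a shared libpython would list.
SAMPLE_LDD_SHARED='  libpython2.5.so.1.0 => /usr/local/lib/libpython2.5.so.1.0 (0x00111000)
  libc.so.6 => /lib/libc.so.6 (0x00453000)'

# Constructed samples: `readelf -d` dynamic sections with and without TEXTREL.
SAMPLE_DYN_TEXTREL=' 0x00000001 (NEEDED)   Shared library: [libc.so.6]
 0x00000016 (TEXTREL)  0x0'
SAMPLE_DYN_CLEAN=' 0x00000001 (NEEDED)   Shared library: [libc.so.6]'

# Reads ldd output on stdin; succeeds if a shared libpythonX.Y is a dependency.
links_shared_libpython() {
    grep -Eq 'libpython[0-9]+\.[0-9]+[a-z]*\.so'
}

# Reads `readelf -d` output on stdin; succeeds if text relocations are flagged,
# either as a DT_TEXTREL entry or as the TEXTREL bit in DT_FLAGS.
has_textrel() {
    grep -Eq '\(TEXTREL\)|\(FLAGS\).*TEXTREL'
}

# Runs both checks against a real module file and prints the findings.
diagnose_module() {
    local mod=$1
    if ldd "$mod" | links_shared_libpython; then
        echo "$mod: links a shared libpython"
    else
        echo "$mod: no libpythonX.Y.so dependency (static libpython may be embedded)"
    fi
    if readelf -d "$mod" | has_textrel; then
        echo "$mod: has text relocations; loading needs SELinux execmod"
    else
        echo "$mod: no text relocations flagged"
    fi
}

# On a real host: diagnose_module /etc/httpd/modules/mod_python.so
```

If the second check reports text relocations, `ausearch -m avc -ts recent` on the affected host shows the matching denial, which is a better starting point than cycling through file contexts.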

