selinux and ASP for Linux
Jason Dravet
dravet at calumet.purdue.edu
Wed Mar 2 21:45:27 UTC 2005
I have installed Sun's new asp for Linux (4.02) product on my Linux server.
What the software does is provide asp support to httpd on Linux platforms.
The Sun installer adds a module to the system so httpd can handle asp
requests. When I try to start httpd I get the following messages. If I run
setenforce 0 and start httpd, asp works great so the problem is with the way
asp and selinux interact. I have to run with selinux enabled so disabling
it is not a solution. What do I have to do to get this to work? I have
contacted Sun but they don't know anything about selinux.
Mar 1 19:45:28 cisit6 kernel: audit(1109727928.415:0): avc: denied { write }
for pid=8390 exe=/usr/sbin/httpd
path=/opt/casp/INSTALL/database/tmp/tmp.0.5541 dev=dm-0 ino=426791
scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file
Mar 1 19:45:28 cisit6 kernel: audit(1109727928.459:0): avc: denied { write }
for pid=8395 exe=/usr/sbin/httpd
path=/opt/casp/INSTALL/database/tmp/tmp.0.5541 dev=dm-0 ino=426791
scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file
Mar 1 19:45:28 cisit6 kernel: audit(1109727928.476:0): avc: denied { write }
for pid=8396 exe=/usr/sbin/httpd
path=/opt/casp/INSTALL/database/tmp/tmp.0.5541 dev=dm-0 ino=426791
scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file
Mar 1 19:46:02 cisit6 httpd: httpd shutdown failed
Mar 1 19:46:02 cisit6 kernel: audit(1109727962.718:0): avc: denied { execute
} for pid=8765
path=/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/m
od_casp2.so dev=dm-0 ino=633455 scontext=root:system_r:httpd_t
tcontext=root:object_r:usr_t tclass=file
Mar 1 19:46:02 cisit6 httpd: Syntax error on line 191 of
/etc/httpd/conf/httpd.conf:
Mar 1 19:46:02 cisit6 httpd: Cannot load
/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca
sp2.so into server:
/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca
sp2.so: failed to map segment from shared object: Permission denied
Mar 1 19:46:02 cisit6 httpd: httpd startup failed
Mar 1 19:48:26 cisit6 kernel: audit(1109728106.456:0): avc: denied { execute
} for pid=10537
path=/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/m
od_casp2.so dev=dm-0 ino=633455 scontext=root:system_r:httpd_t
tcontext=root:object_r:usr_t tclass=file
Mar 1 19:48:26 cisit6 httpd: Syntax error on line 191 of
/etc/httpd/conf/httpd.conf:
Mar 1 19:48:26 cisit6 httpd: Cannot load
/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca
sp2.so into server:
/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca
sp2.so: failed to map segment from shared object: Permission denied
Mar 1 19:48:26 cisit6 httpd: httpd startup failed
Mar 1 19:51:04 cisit6 kernel: audit(1109728264.423:0): avc: denied { execute
} for pid=10548
path=/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/m
od_casp2.so dev=dm-0 ino=633455 scontext=root:system_r:httpd_t
tcontext=root:object_r:usr_t tclass=file
Mar 1 19:51:04 cisit6 httpd: Syntax error on line 191 of
/etc/httpd/conf/httpd.conf:
Mar 1 19:51:04 cisit6 httpd: Cannot load
/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca
sp2.so into server:
/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca
sp2.so: failed to map segment from shared object: Permission denied
Thanks for your time,
Jason Dravet
More information about the fedora-selinux-list
mailing list