"cannot restore segment prot after reloc"

Dominick Grift domg472 at gmail.com
Wed Jun 24 19:55:37 UTC 2009


On Wed, 2009-06-24 at 12:01 -0700, John Oliver wrote:
> [root at ucore-web ~]# service httpd configtest
> httpd: Syntax error on line 209 of /etc/httpd/conf/httpd.conf: Syntax
> error on line 1 of /etc/httpd/conf.d/valicert.conf: Cannot load
> /etc/httpd/modules/vcapache.so into server:
> /etc/httpd/modules/vcapache.so: cannot restore segment prot after reloc:
> Permission denied
> [root at ucore-web ~]# ls -lZ /etc/httpd/modules/vcapache.so
> -rwxr-xr-x  root root system_u:object_r:httpd_modules_t
> /etc/httpd/modules/vcapache.so
> 
> I used chcon to make vcapache.so have the same attributes as other
> Apache modules...
> 
> -rwxr-xr-x  root root system_u:object_r:httpd_modules_t mod_userdir.so
> -rwxr-xr-x  root root system_u:object_r:httpd_modules_t mod_usertrack.so
> -rwxr-xr-x  root root system_u:object_r:httpd_modules_t mod_version.so
> -rwxr-xr-x  root root system_u:object_r:httpd_modules_t
> mod_vhost_alias.so
> -rwxr-xr-x  root root system_u:object_r:httpd_modules_t vcapache.so
> 
> How to fix?  Googling results in a thousand suggestions to disable
> SELinux and a couple to "chcon -t texrel_shlib_t" which did not work for
> me.
> 
Why did "chcon -t textrel_shlib_t /etc/httpd/modules/vcapache.so" not
work? Can you show us AVC denials?

You can retrieve AVC denials with the "ausearch -m avc -ts today"
command.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090624/134eb5c0/attachment.sig>


More information about the fedora-selinux-list mailing list