selinux problem I solved months ago

John Oliver joliver at john-oliver.net
Tue May 5 23:29:32 UTC 2009


I had this problem weeks and weeks ago:

[root@mda-vm1h ~]# service httpd configtest
httpd: Syntax error on line 209 of /etc/httpd/conf/httpd.conf: Syntax
error on line 1 of /etc/httpd/conf.d/valicert.conf: Cannot load
/etc/httpd/modules/vcapache.so into server:
/etc/httpd/modules/vcapache.so: cannot restore segment prot after reloc:
Permission denied

I solved it by creating an selinux module and "baking" it into my
kickstart.  Built many machines, all worked perfectly.

Now, I have three virtual machines I installed with the same kickstart,
and I'm getting the same problem.

[root@mda-vm1h ~]# ls -lZ /etc/httpd/modules/vcapache.so
-rwxr-xr-x  root root system_u:object_r:httpd_modules_t
/etc/httpd/modules/vcapache.so

type=AVC msg=audit(1241564879.792:4671): avc:  denied  { execheap } for
pid=28957 comm="httpd" scontext=user_u:system_r:initrc_t:s0
tcontext=user_u:system_r:initrc_t:s0 tclass=process
type=SYSCALL msg=audit(1241564879.792:4671): arch=40000003 syscall=125
success=no exit=-13 a0=ffa000 a1=1b8000 a2=5 a3=bf8b7eb0 items=0
ppid=28953 pid=28957 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts1 comm="httpd" exe="/usr/sbin/httpd"
subj=user_u:system_r:initrc_t:s0 key=(null)

[root@mda-vm1h ~]# semodule -l
amavis  1.1.0
ccs     1.0.0
clamav  1.1.0
dcc     1.1.0
evolution       1.1.0
iscsid  1.0.0
mozilla 1.1.0
mplayer 1.1.0
nagios  1.1.0
oddjob  1.0.1
pcscd   1.0.0
pyzor   1.1.0
razor   1.1.0
ricci   1.0.0
smartmon        1.1.0
valicert        1.0

There it is, at the end.  I removed and reinstalled it with no effect.
It's data, so I can't cat it out, but that module worked... unless this
is some new, different problem.

Is there more magic sauce that has to be added?

-- 
***********************************************************************
* John Oliver                             http://www.john-oliver.net/ *
*                                                                     *
***********************************************************************
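
Added example, not part of the original post: the AVC and SYSCALL records quoted in the message share audit serial 4671, so they describe one event, and this Python code joins them and decodes the syscall fields. The function names are hypothetical and the lookup table is an assumption that covers only the values in these two records (arch 40000003 is AUDIT_ARCH_I386, where syscall 125 is mprotect).

```python
import errno
import re

# The post's two audit records, with the e-mail line wraps rejoined.
RECORDS = [
    'type=AVC msg=audit(1241564879.792:4671): avc:  denied  { execheap } for '
    'pid=28957 comm="httpd" scontext=user_u:system_r:initrc_t:s0 '
    'tcontext=user_u:system_r:initrc_t:s0 tclass=process',
    'type=SYSCALL msg=audit(1241564879.792:4671): arch=40000003 syscall=125 '
    'success=no exit=-13 a0=ffa000 a1=1b8000 a2=5 a3=bf8b7eb0 items=0 '
    'ppid=28953 pid=28957 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 '
    'sgid=0 fsgid=0 tty=pts1 comm="httpd" exe="/usr/sbin/httpd" '
    'subj=user_u:system_r:initrc_t:s0 key=(null)',
]
# Partial lookup table (assumption): only the arch/syscall pair seen above.
SYSCALLS = {("40000003", 125): "mprotect"}  # 40000003 = AUDIT_ARCH_I386
PROT_BITS = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\): ?(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")

def parse(line):
    """Split one audit record into a dict; None if it is not a record."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = {"type": m.group(1), "serial": int(m.group(2))}
    rec.update((k, v.strip('"')) for k, v in FIELD.findall(m.group(3)))
    rec["perms"] = [p for grp in PERMS.findall(m.group(3)) for p in grp.split()]
    return rec

def explain(lines):
    """Join AVC and SYSCALL records by serial and decode the syscall."""
    events = {}
    for rec in filter(None, map(parse, lines)):
        events.setdefault(rec["serial"], {})[rec["type"]] = rec
    out = []
    for serial, ev in sorted(events.items()):
        avc, sc = ev.get("AVC"), ev.get("SYSCALL")
        if not (avc and sc):
            continue  # one half of the event is missing
        call = SYSCALLS.get((sc["arch"], int(sc["syscall"])), "syscall " + sc["syscall"])
        # audit logs syscall arguments in hex; a2 is prot only for mprotect
        prot = int(sc["a2"], 16) if call == "mprotect" else 0
        out.append({"serial": serial, "perms": avc["perms"], "call": call,
                    "domain": avc["scontext"].split(":")[2],
                    "prot": [n for b, n in PROT_BITS.items() if prot & b],
                    "errno": errno.errorcode.get(-int(sc["exit"]))})
    return out
```

For these records the result is a single event: `mprotect` requesting `PROT_READ` and `PROT_EXEC`, refused with `EACCES`, with the `execheap` permission checked against a process running in the `initrc_t` domain.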



