On 03/24/2010 10:57 PM, Aleksey Tsalolikhin wrote:
> Hi. httpd used to work but now does not start up.
> Error message:
> Starting httpd: Syntax error on line X of /etc/httpd/conf.d/php.conf:
> Cannot load /etc/httpd/modules/libphp5.so into server:
> libxml2.so.2: failed to map segment from shared object: Permission
> I can start httpd if I turn off SELinux, but I want to figure this out
> and re-enable
> SELinux labels on libxml.so.2.6.26 are OK ( system_u
> and "restorecon -n libxml.so.2.6.26" does not return anything so the
> labels match default. (libxml.so.2 is a symlink to 2.6.26)
> No recent AVC denied entries in /var/log/audit/audit.log or
> /var/log/messages. (One did not get logged when I tried to start httpd
> and failed.)
> I googled the above error message but all I could find were web pages in Chinese
> advising to run restorecon on libxml2.so file or turn off SELinux.
> Any suggestions on how to investigate this?
> selinux mailing list
I would suspect you have an execmod problem.
SELinux will allow a badly built library to be loaded by changing its
context to textrel_shlib_t.
You could try
chcon -t textrel_shlib_t libxml.so.2.6.26
And see if SELinux allows the access.
If you are getting no avc messages they could be dontaudited. Although
I would be surprised.
# semodule -DB
Will turn off the dontaudit rules. This will generate AVC messages for
all blocked access.
You can turn the rules back on by executing
# semodule -B
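One way to confirm the execmod suspicion once `semodule -DB` has made the denials visible, as an added example that is not part of the original message: pull the execmod denials out of the audit records and list each affected file with its current type. The helper name `execmod_denials` is hypothetical and the sample AVC lines are constructed.

```shell
#!/bin/sh
# Added example. SAMPLE_AVC is constructed for illustration (pids, inodes,
# timestamps and contexts are made up); it is not output from the thread.
SAMPLE_AVC='type=AVC msg=audit(1269471420.101:812): avc:  denied  { execmod } for  pid=4021 comm="httpd" path="/usr/lib/libxml2.so.2.6.26" dev=dm-0 ino=229411 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=AVC msg=audit(1269471420.330:813): avc:  denied  { getattr } for  pid=4021 comm="httpd" path="/var/www/html/index.php" dev=dm-0 ino=55120 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1269471421.007:814): avc:  denied  { execmod } for  pid=4021 comm="httpd" path="/usr/lib/libxml2.so.2.6.26" dev=dm-0 ino=229411 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file'

# execmod_denials (hypothetical helper): read audit records on stdin and print
# "comm path target_type" once per distinct file that was denied execmod.
# Paths containing spaces are hex-encoded by auditd and are printed as-is.
execmod_denials() {
    awk '
    /avc: +denied/ && index($0, " execmod ") {
        comm = ""; path = ""; ttype = ""
        for (i = 1; i <= NF; i++) {
            val = $i
            sub(/^[a-z]+=/, "", val)   # drop the key
            gsub(/"/, "", val)         # drop quoting
            if ($i ~ /^comm=/) comm = val
            else if ($i ~ /^path=/) path = val
            else if ($i ~ /^tcontext=/) { split(val, c, ":"); ttype = c[3] }
        }
        if (path != "" && !(path in seen)) {
            seen[path] = 1
            print comm, path, ttype
        }
    }'
}

# Run against the constructed sample; on a real host feed it
# /var/log/audit/audit.log after "semodule -DB" instead.
printf '%s\n' "$SAMPLE_AVC" | execmod_denials
```

A file listed with a type other than textrel_shlib_t is the one the chcon suggestion above applies to.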