Aleksey Tsalolikhin
2010-Mar-25 02:49 UTC
[CentOS] httpd stopped working under SELinux so I had to turn SELinux off. libxml2.so.2: failed to map segment from shared object: Permission denied
Hi. CentOS 5.4 64-bit with SELinux, happily running for over a year, suddenly httpd fails to start up, getting an error message like: Starting httpd: Syntax error on line X of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: libxml2.so.2: failed to map segment from shared object: Permission denied I turned off SELinux and was able to start httpd. But what went wrong? And how to fix it and turn SELinux back on? SElinux labels on libxml.so.2.6.26 are OK ( system_u:object_r:lib_t ) and "restorecon -n libxml.so.2.6.26" does not return anything. No recent AVC denied entries in /var/log/audit/audit.log or /var/log/messages. I googled the above error message but all I could find were web pages in Chinese advising to run restorecon on libxml2.so file or turn off SElinux. Any suggestions? Thanks Aleksey
Kwan Lowe
2010-Mar-25 03:14 UTC
[CentOS] httpd stopped working under SELinux so I had to turn SELinux off. libxml2.so.2: failed to map segment from shared object: Permission denied
On Wed, Mar 24, 2010 at 10:49 PM, Aleksey Tsalolikhin <atsaloli.tech at gmail.com> wrote:> Hi. > > CentOS 5.4 64-bit with SELinux, happily running for over a year, suddenly > httpd fails to start up, getting an error message like: > > Starting httpd: Syntax error on line X of /etc/httpd/conf.d/php.conf: > Cannot load /etc/httpd/modules/libphp5.so into server: libxml2.so.2: > failed to map segment from shared object: Permission denied > > I turned off SELinux and was able to start httpd. > > But what went wrong? ?And how to fix it and turn SELinux back on? > > SElinux labels on libxml.so.2.6.26 are OK ( system_u:object_r:lib_t ) > and "restorecon -n libxml.so.2.6.26" does not return anything. > > No recent AVC denied entries in /var/log/audit/audit.log or /var/log/messages. > > I googled the above error message but all I could find were web pages in Chinese > advising to run restorecon on libxml2.so file or turn off SElinux. >There was a thread awhile back: http://lists.centos.org/pipermail/centos/2010-January/088551.html Sounds like similar issues.. No AVC denials but blocking...> Thanks > Aleksey > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
Kahlil Hodgson
2010-Mar-25 03:21 UTC
[CentOS] httpd stopped working under SELinux so I had to turn SELinux off. libxml2.so.2: failed to map segment from shared object: Permission denied
On 03/25/2010 01:49 PM, Aleksey Tsalolikhin wrote:> CentOS 5.4 64-bit with SELinux, happily running for over a year, suddenly > httpd fails to start up, getting an error message like: > ... > I turned off SELinux and was able to start httpd. > > But what went wrong? And how to fix it and turn SELinux back on?What went wrong? You might want to start by getting a bound on _when_ it went wrong. When was the last time you successfully started httpd? The problem happened sometime after that. Look in your logs for any suspicious events. Check /var/log/yum.log. Any new packages? Did a yum transaction fail (postinstall might be tinkering with SElinux)? Try "yum-complete-transaction". Any configuration changes since then?> Starting httpd: Syntax error on line X of /etc/httpd/conf.d/php.conf: > Cannot load /etc/httpd/modules/libphp5.so into server: libxml2.so.2: > failed to map segment from shared object: Permission deniedMight want to try "restorecon -rv /etc/httpd" as well. Kal -- Kahlil (Kal) Hodgson GPG: C37B01F4 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd (w) +61 (0) 3 9008 5281 Suite 1005 401 Docklands Drive Docklands VIC 3008 Australia "All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1925
A. Kirillov
2010-Mar-25 07:49 UTC
[CentOS] httpd stopped working under SELinux so I had to turn SELinux off. libxml2.so.2: failed to map segment from shared object: Permission denied
> CentOS 5.4 64-bit with SELinux, happily running for over a year, suddenly > httpd fails to start up, getting an error message like: > > Starting httpd: Syntax error on line X of /etc/httpd/conf.d/php.conf: > Cannot load /etc/httpd/modules/libphp5.so into server: libxml2.so.2: > failed to map segment from shared object: Permission denied > > I turned off SELinux and was able to start httpd. > > But what went wrong? And how to fix it and turn SELinux back on? > > SElinux labels on libxml.so.2.6.26 are OK ( system_u:object_r:lib_t ) > and "restorecon -n libxml.so.2.6.26" does not return anything. > > No recent AVC denied entries in /var/log/audit/audit.log or /var/log/messages.Try to turn off the dontaudit rules for domains that are in the base policy: semodule -b /usr/share/selinux/targeted/enableaudit.pp Then you might see the denials in the logs and fix the problem in your local policy. HTH
Reasonably Related Threads
- Issues trying to change the selinux context
- Re: how to install BackupPC on CentOS 5.2 -- how do I use Test repository?
- Issues trying to change the selinux context
- How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)
- rsync 2.6.9 uses a lot of memory; has that changed in rsync 3.0.3 ?