I have installed Sun's new asp for Linux (4.02) product on my Linux server. What the software does is provide asp support to httpd on Linux platforms. The Sun installer adds a module to the system so httpd can handle asp requests. When I try to start httpd I get the following messages. If I run setenforce 0 and start httpd, asp works great so the problem is with the way asp and selinux interact. I have to run with selinux enabled so disabling it is not a solution. What do I have to do to get this to work? I have contacted Sun but they don't know anything about selinux.
Mar 1 19:45:28 cisit6 kernel: audit(1109727928.415:0): avc: denied { write } for pid=8390 exe=/usr/sbin/httpd path=/opt/casp/INSTALL/database/tmp/tmp.0.5541 dev=dm-0 ino=426791 scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file Mar 1 19:45:28 cisit6 kernel: audit(1109727928.459:0): avc: denied { write } for pid=8395 exe=/usr/sbin/httpd path=/opt/casp/INSTALL/database/tmp/tmp.0.5541 dev=dm-0 ino=426791 scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file Mar 1 19:45:28 cisit6 kernel: audit(1109727928.476:0): avc: denied { write } for pid=8396 exe=/usr/sbin/httpd path=/opt/casp/INSTALL/database/tmp/tmp.0.5541 dev=dm-0 ino=426791 scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file Mar 1 19:46:02 cisit6 httpd: httpd shutdown failed Mar 1 19:46:02 cisit6 kernel: audit(1109727962.718:0): avc: denied { execute } for pid=8765 path=/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/m od_casp2.so dev=dm-0 ino=633455 scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file Mar 1 19:46:02 cisit6 httpd: Syntax error on line 191 of /etc/httpd/conf/httpd.conf: Mar 1 19:46:02 cisit6 httpd: Cannot load /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca sp2.so into server: /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca sp2.so: failed to map segment from shared object: Permission denied Mar 1 19:46:02 cisit6 httpd: httpd startup failed Mar 1 19:48:26 cisit6 kernel: audit(1109728106.456:0): avc: denied { execute } for pid=10537 path=/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/m od_casp2.so dev=dm-0 ino=633455 scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file Mar 1 19:48:26 cisit6 httpd: Syntax error on line 191 of /etc/httpd/conf/httpd.conf: Mar 1 19:48:26 cisit6 httpd: Cannot load /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca sp2.so into server: /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca sp2.so: failed to map segment from shared object: Permission denied Mar 1 19:48:26 cisit6 httpd: httpd startup failed Mar 1 19:51:04 cisit6 kernel: audit(1109728264.423:0): avc: denied { execute } for pid=10548 path=/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/m od_casp2.so dev=dm-0 ino=633455 scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file Mar 1 19:51:04 cisit6 httpd: Syntax error on line 191 of /etc/httpd/conf/httpd.conf: Mar 1 19:51:04 cisit6 httpd: Cannot load /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca sp2.so into server: /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_ca sp2.so: failed to map segment from shared object: Permission denied
Thanks for your time,
Jason Dravet
On Wed, 2005-03-02 at 15:45 -0600, Jason Dravet wrote:
I have installed Sun's new asp for Linux (4.02) product on my Linux server. What the software does is provide asp support to httpd on Linux platforms. The Sun installer adds a module to the system so httpd can handle asp requests. When I try to start httpd I get the following messages. If I run setenforce 0 and start httpd, asp works great so the problem is with the way asp and selinux interact. I have to run with selinux enabled so disabling it is not a solution. What do I have to do to get this to work? I have contacted Sun but they don't know anything about selinux.
First, note that you can disable SELinux enforcement just for httpd without doing setenforce 0; see: http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#using-s-c-securityl...
Mar 1 19:45:28 cisit6 kernel: audit(1109727928.415:0): avc: denied { write } for pid=8390 exe=/usr/sbin/httpd path=/opt/casp/INSTALL/database/tmp/tmp.0.5541 dev=dm-0 ino=426791 scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file
Hmmm. Hard to say what this is. You could try:
chcon -R -h -t httpd_sys_content_t /opt/casp/INSTALL/
path=/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/m od_casp2.so dev=dm-0 ino=633455 scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file
My suggestion:
chcon -h -t shlib_t /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/*.so
selinux@lists.fedoraproject.org