Joe Orton wrote:
I notice there are two different types of errors being reported here, is that significant? The first is an open() failure:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140706
Starting httpd: /usr/sbin/httpd: error while loading shared libraries:
libpcre.so.0: cannot open shared object file: Permission denied
the second is, I presume, an mmap() failure, which means the open() must have succeeded:
http://bugs.php.net/bug.php?id=30952
Cannot load /usr/lib/httpd/modules/libphp5.so into server: libpng.so.3:
failed to map segment from shared object: Permission denied [FAILED]
I've just got the second type of error happening on one of my FC3 test boxes:
[root@pepsi ~]# service httpd start
Starting httpd: /usr/sbin/httpd: error while loading shared libraries: librt.so.1: failed to map segment from shared object: Permission denied
[FAILED]
[root@pepsi ~]# dmesg | tail -1
audit(1105522884.846:0): avc: denied { execute } for pid=10455 path=/lib/tls/librt-2.3.4.so dev=hda2 ino=3480245 scontext=root:system_r:httpd_t tcontext=system_u:object_r:lib_t tclass=file
[root@pepsi ~]# ls -lZ /lib/tls/librt-2.3.4.so
-rwxr-xr-x root root system_u:object_r:lib_t /lib/tls/librt-2.3.4.so
which appears to be the correct labelling, no? The box has the current updates installed, there are no SELinux-related errors in prelink.log.
No they should be shlib_t.
You need to restorecon.
joe
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
