I had this problem weeks and weeks ago:
[root@mda-vm1h ~]# service httpd configtest
httpd: Syntax error on line 209 of /etc/httpd/conf/httpd.conf: Syntax
error on line 1 of /etc/httpd/conf.d/valicert.conf: Cannot load
/etc/httpd/modules/vcapache.so into server:
/etc/httpd/modules/vcapache.so: cannot restore segment prot after reloc:
Permission denied
I solved it by creating an selinux module and "baking" it into my
kickstart. Built many machines, all worked perfectly.
Now, I have three virtual machines I installed with the same kickstart,
and I'm getting the same problem.
[root@mda-vm1h ~]# ls -lZ /etc/httpd/modules/vcapache.so
-rwxr-xr-x root root system_u:object_r:httpd_modules_t
/etc/httpd/modules/vcapache.so
type=AVC msg=audit(1241564879.792:4671): avc: denied { execheap } for
pid=28957 comm="httpd" scontext=user_u:system_r:initrc_t:s0
tcontext=user_u:system_r:initrc_t:s0 tclass=process
type=SYSCALL msg=audit(1241564879.792:4671): arch=40000003 syscall=125
success=no exit=-13 a0=ffa000 a1=1b8000 a2=5 a3=bf8b7eb0 items=0
ppid=28953 pid=28957 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts1 comm="httpd" exe="/usr/sbin/httpd"
subj=user_u:system_r:initrc_t:s0 key=(null)
[root@mda-vm1h ~]# semodule -l
amavis 1.1.0
ccs 1.0.0
clamav 1.1.0
dcc 1.1.0
evolution 1.1.0
iscsid 1.0.0
mozilla 1.1.0
mplayer 1.1.0
nagios 1.1.0
oddjob 1.0.1
pcscd 1.0.0
pyzor 1.1.0
razor 1.1.0
ricci 1.0.0
smartmon 1.1.0
valicert 1.0
There it is, at the end. I removed and reinstalled it with no effect.
It's data, so I can't cat it out, but that module worked... unless this
is some new, different problem.
Is there more magic sauce that has to be added?
--
***********************************************************************
* John Oliver http://www.john-oliver.net/ *
* *
***********************************************************************
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
