You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Graham Leggett <mi...@sharp.fm> on 2005/01/25 16:08:47 UTC

Weird error: httpd dies with mmap permission denied

Hi all,

After building httpd trunk on Fedora Core 3 and installing it, any attempt
at running httpd dies as listed below.

The same version of httpd built on MacOSX works fine.

Can anyone recognise what's going on here and what I should do to fix it?

[root@fosvn01 SPECS]# strace httpd -D
execve("/usr/sbin/httpd", ["httpd", "-D"], [/* 22 vars */]) = 0
uname({sys="Linux", node="fosvn01.scmb.co.za", ...}) = 0
brk(0)                                  = 0x9493000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=52802, ...}) = 0
old_mmap(NULL, 52802, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ff3000
close(3)                                = 0
open("/lib/tls/libm.so.6", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0003\0"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=213448, ...}) = 0
old_mmap(NULL, 139424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = -1 EACCES (Permission denied)
close(3)                                = 0
writev(2, [{"httpd", 5}, {": ", 2}, {"error while loading shared
libra"..., 36}, {": ", 2}, {"libm.so.6", 9}, {": ", 2}, {"failed to map
segment from share"..., 40}, {": ", 2}, {"Permission denied", 17}, {"\n",
1}], 10) = 116
exit_group(127)                         = ?

Regards,
Graham
--

Re: Weird error: httpd dies with mmap permission denied

Posted by Joe Orton <jo...@redhat.com>.

On Tue, Jan 25, 2005 at 06:04:26PM +0200, Graham Leggett wrote:
> Joe Orton said:
> 
> > You've been bitten by SELinux, see /var/log/messages for the
> > corresponding avc denial message.  It's either:
> >
> > 1) an elusive bug seen by some FC3 users where shared library SELinux
> > labels go awry, fixed by running "fixfiles restore" as root.
> 
> Just tried fixfiles restore, and it's back to life again - thanks!
> 
> Reading the links you listed and using ps axZ | grep httpd, it shows this:
> 
> [root@fosvn01 SPECS]# ps axZ | grep httpd
> root:system_r:unconfined_t      17684 pts/2    S+     0:00 grep httpd
> 
> Is it supposed to be unconfined_t or have I screwed it up?

That's just for grep, it doesn't show a running httpd at all; if httpd
was running, you should get lines like:

root:system_r:httpd_t           14301 ?        Ss     0:01 /usr/sbin/httpd

which show the correct security context.

joe

Re: Weird error: httpd dies with mmap permission denied

Posted by Graham Leggett <mi...@sharp.fm>.

Joe Orton said:

> You've been bitten by SELinux, see /var/log/messages for the
> corresponding avc denial message.  It's either:
>
> 1) an elusive bug seen by some FC3 users where shared library SELinux
> labels go awry, fixed by running "fixfiles restore" as root.

Just tried fixfiles restore, and it's back to life again - thanks!

Reading the links you listed and using ps axZ | grep httpd, it shows this:

[root@fosvn01 SPECS]# ps axZ | grep httpd
root:system_r:unconfined_t      17684 pts/2    S+     0:00 grep httpd

Is it supposed to be unconfined_t or have I screwed it up?

Regards,
Graham
--

Re: Weird error: httpd dies with mmap permission denied

Posted by Joe Orton <jo...@redhat.com>.

On Tue, Jan 25, 2005 at 05:08:47PM +0200, Graham Leggett wrote:
> After building httpd trunk on Fedora Core 3 and installing it, any attempt
> at running httpd dies as listed below.
> 
> The same version of httpd built on MacOSX works fine.
> 
> Can anyone recognise what's going on here and what I should do to fix it?
> 
> [root@fosvn01 SPECS]# strace httpd -D
...
> open("/lib/tls/libm.so.6", O_RDONLY)    = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0003\0"..., 512)
> = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=213448, ...}) = 0
> old_mmap(NULL, 139424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
> 0) = -1 EACCES (Permission denied)

You've been bitten by SELinux, see /var/log/messages for the
corresponding avc denial message.  It's either:

1) an elusive bug seen by some FC3 users where shared library SELinux
labels go awry, fixed by running "fixfiles restore" as root.

2) since you're using self-built httpd it's possibly something less
subtle, in which case you could disable the SELinux policy for httpd
using "setsebool httpd_disable_trans 1".  Pass -P to setsebool to make
that policy change permanent; make sure you've got the latest libselinux
package from the FC3 updates.

See http://fedora.redhat.com/docs/selinux-apache-fc3/ for SELinux vs
httpd stuff or http://fedora.redhat.com/docs/selinux-faq-fc3/ for
general information on SELinux in FC3.

joe