Httpd throws an error for third party modules "cannot enable executable stack as shared object requires: Permission denied"
Issue
- Apache httpd is not loading third party modules, in this case is a WebLogic module.
- can't load mod_wl_20.so [httpd].Getting below error.
- Restarting httpd gives :
Starting httpd: httpd: Syntax error on line 165 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_wl_20.so into server:
/etc/httpd/modules/mod_wl_20.so: cannot enable executable stack as shared object requires: Permission denied [FAILED].
-
Upon looking at the /var/log/messages:
Nov 24 10:41:25 hostname1 setroubleshoot: SELinux is preventing httpd (httpd_t) "execstack" to <Unknown> (httpd_t). For complete SELinux messages. run sealert -l b7e4ef63-fd8a-4e32-bb58-e9594b9d1c83
-
Upon running the sealert:
root@hostname1 modules]# sealert -l b7e4ef63-fd8a-4e32-bb58-e9594b9d1c83 Summary: SELinux is preventing httpd (httpd_t) "execstack" to <Unknown> (httpd_t). Detailed Description: SELinux denied access requested by httpd. It is not expected that this access is required by httpd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context root:system_r:httpd_t Target Context root:system_r:httpd_t Target Objects None [ process ] Source httpd Source Path /usr/sbin/httpd Port <Unknown> Host hostname1 Source RPM Packages httpd-2.2.3-22.el5 Target RPM Packages Policy RPM selinux-policy-2.4.6-203.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name hostname1 Platform Linux hostname1 2.6.18-128.el5PAE #1 SMP Wed Dec 17 12:02:33 EST 2008 i686 i686 Alert Count 6 First Seen Tue Nov 23 17:10:22 2010 Last Seen Wed Nov 24 10:41:25 2010 Local ID b7e4ef63-fd8a-4e32-bb58-e9594b9d1c83 Line Numbers
-
Raw Audit Messages
host=hostname1 type=AVC msg=audit(1290613285.556:195): avc: denied { execstack } for pid=8487 comm="httpd" scontext=root:system_r:httpd_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=process host=hostname1 type=SYSCALL msg=audit(1290613285.556:195): arch=40000003 syscall=125 success=no exit=-13 a0=bfb24000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=8486 pid=8487 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=27 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
Environment
- Red Hat Enterprise Linux 5
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.