Httpd throws an error for third party modules "cannot enable executable stack as shared object requires: Permission denied"

Solution Unverified - Updated -

Issue

  • Apache httpd is not loading third party modules, in this case is a WebLogic module.
  • can't load mod_wl_20.so [httpd].Getting below error.
  • Restarting httpd gives :
        Starting httpd: httpd: Syntax error on line 165 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_wl_20.so into server: 
        /etc/httpd/modules/mod_wl_20.so: cannot enable executable stack as shared object requires: Permission denied [FAILED].
  • Upon looking at the /var/log/messages:

    Nov 24 10:41:25 hostname1 setroubleshoot: SELinux is preventing httpd (httpd_t) "execstack" to <Unknown> (httpd_t).
    For complete SELinux messages. run sealert -l b7e4ef63-fd8a-4e32-bb58-e9594b9d1c83
    
  • Upon running the sealert:

    root@hostname1 modules]# sealert -l b7e4ef63-fd8a-4e32-bb58-e9594b9d1c83
    
    Summary:
    
    SELinux is preventing httpd (httpd_t) "execstack" to <Unknown> (httpd_t).
    
    Detailed Description:
    
    SELinux denied access requested by httpd. It is not expected that this access is
    required by httpd and this access may signal an intrusion attempt. It is also
    possible that the specific version or configuration of the application is
    causing it to require additional access.
    
    Allowing Access:
    
    You can generate a local policy module to allow this access - see FAQ
    (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not recommended.
    Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
    against this package.
    
    Additional Information:
    
    Source Context                root:system_r:httpd_t
    Target Context                root:system_r:httpd_t
    Target Objects                None [ process ]
    Source                        httpd
    Source Path                   /usr/sbin/httpd
    Port                          <Unknown>
    Host                          hostname1
    Source RPM Packages           httpd-2.2.3-22.el5
    Target RPM Packages           
    Policy RPM                    selinux-policy-2.4.6-203.el5
    Selinux Enabled               True
    Policy Type                   targeted
    MLS Enabled                   True
    Enforcing Mode                Enforcing
    Plugin Name                   catchall
    Host Name                     hostname1
    Platform                      Linux hostname1 2.6.18-128.el5PAE #1 SMP Wed Dec
                                  17 12:02:33 EST 2008 i686 i686
    Alert Count                   6
    First Seen                    Tue Nov 23 17:10:22 2010
    Last Seen                     Wed Nov 24 10:41:25 2010
    Local ID                      b7e4ef63-fd8a-4e32-bb58-e9594b9d1c83
    Line Numbers                  
    
  • Raw Audit Messages           

    host=hostname1 type=AVC msg=audit(1290613285.556:195): avc:  denied  { execstack } for  pid=8487 comm="httpd" scontext=root:system_r:httpd_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=process
    host=hostname1 type=SYSCALL msg=audit(1290613285.556:195): arch=40000003 syscall=125 success=no exit=-13 a0=bfb24000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=8486 pid=8487 auid=0 uid=0
    gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=27 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
    

Environment

  • Red Hat Enterprise Linux 5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content