On Thu, 2008-07-24 at 15:23 -0400, Toby Bluhm wrote:
Having problems starting httpd & portmapper
# service httpd start
/usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot open shared object file: No such file or directory
and I traced it to selinux, which I had just turned on for the first time:
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted
I can
#setsebool -P httpd_disable_trans on
and httpd starts - but there's zero enforcing now as I understand it.
Further digging & I get to:
# cat /var/log/audit/audit.log | audit2allow -m local
module local 1.0;
require {
        type portmap_t;
        type httpd_t;
        type file_t;
        class lnk_file read;
        class file { getattr read execute };
}
#============= httpd_t ==============
allow httpd_t file_t:file { read getattr execute };
allow httpd_t file_t:lnk_file read;
#============= portmap_t ==============
allow portmap_t file_t:file { read getattr execute };
allow portmap_t file_t:lnk_file read;
Other stuff like postfix, postgrey, amavisd are working fine since turning selinux on.
Before I make a mess of things with trying to make a new policy, shouldn't two basic services like portmap & httpd already be allowed to run out of the box by selinux?
If not, am I going down the right path to get it working?
----
If you just turned selinux on after running the computer with it disabled, you really need to relabel the entire filesystem, which does take some time. The reason is that files have been installed/created without the appropriate contexts and relabeling fixes that.
Suggest that you make sure you are fully updated, then 'touch /.autorelabel' then reboot (reboot at a time you choose because it may take a long time to relabel every file on your system - especially if you have a lot of files).
Craig
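
Added example, not part of the original messages: a triage script for the situation in this thread. In the targeted policy, file_t is the type carried by files that have no SELinux label, so AVC denials whose target is file_t point to a missing relabel rather than a missing allow rule. The log lines, the port_t record and the function names below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample AVC records (not from the original post), shaped like
# entries in /var/log/audit/audit.log.
SAMPLE_LOG = """\
type=AVC msg=audit(1216927380.101:45): avc:  denied  { read } for  pid=2345 comm="httpd" name="libm.so.6" dev=dm-0 ino=1001 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=lnk_file
type=AVC msg=audit(1216927380.102:46): avc:  denied  { getattr } for  pid=2345 comm="httpd" path="/lib/libm-2.5.so" dev=dm-0 ino=1002 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1216927381.200:47): avc:  denied  { read } for  pid=2400 comm="portmap" name="libc.so.6" dev=dm-0 ino=1003 scontext=root:system_r:portmap_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=lnk_file
type=AVC msg=audit(1216927382.300:48): avc:  denied  { name_bind } for  pid=2345 comm="httpd" src=8081 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field (third part) of user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def triage(log_text):
    """Split denials into those against unlabeled (file_t) targets and the rest."""
    unlabeled = defaultdict(set)   # source type -> {(tclass, perm)}
    other = []                     # denials that need individual review
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        src, tgt = context_type(m["scon"]), context_type(m["tcon"])
        if tgt == "file_t":
            for perm in m["perms"].split():
                unlabeled[src].add((m["tclass"], perm))
        else:
            other.append((src, tgt, m["tclass"], m["perms"].split()))
    return dict(unlabeled), other

if __name__ == "__main__":
    unlabeled, other = triage(SAMPLE_LOG)
    for src, hits in sorted(unlabeled.items()):
        print(f"{src}: {len(hits)} denial(s) on file_t targets -> relabel, do not load a module")
    for src, tgt, tclass, perms in other:
        print(f"{src} -> {tgt}:{tclass} {perms}: review individually")
```

Loading the audit2allow module from the question would grant httpd_t and portmap_t access to every unlabeled file on the system, which is why the relabel is the narrower fix.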