CentOS 5.4 64-bit with SELinux, happily running for over a year, suddenly httpd fails to start up, getting an error message like:
Starting httpd: Syntax error on line X of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: libxml2.so.2: failed to map segment from shared object: Permission denied
I turned off SELinux and was able to start httpd.
But what went wrong? And how to fix it and turn SELinux back on?
SElinux labels on libxml.so.2.6.26 are OK ( system_u:object_r:lib_t ) and "restorecon -n libxml.so.2.6.26" does not return anything.
No recent AVC denied entries in /var/log/audit/audit.log or /var/log/messages.
Try to turn off the dontaudit rules for domains that are in the base policy:
semodule -b /usr/share/selinux/targeted/enableaudit.pp
Then you might see the denials in the logs and fix the problem in your local policy.
HTH