From: Martin F. <ma...@ne...> - 2006-03-03 00:02:43
Yes, in RHEL 4 there is a new feature called selinux. You can read about
it here for Red Hat specifically:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/

...and here more generally:
http://www.nsa.gov/selinux/

Short answer is, you can turn it off:
1. Run "setenforce 0" as root
2. Edit /etc/selinux/config to say SELINUX=disabled

We do have a server running Connotea Code with it still turned on. To do
that, we had to change the security context of the files under
/var/lib/mysql using the chcon utility because upon installing the mysql
rpm package from mysql.com that was not done automatically and mysql
would not start.

I did not see any denials for httpd regarding MD5. FWIW, I checked out
the security label on my copy of MD5.so, and it matches yours, so I'm
not sure what is wrong:

[root@neutron ~]# cd /usr/lib/perl5
[root@neutron perl5]# find -name MD5.so
./5.8.5/i386-linux-thread-multi/auto/Digest/MD5/MD5.so
[root@neutron perl5]# cd 5.8.5/i386-linux-thread-multi/auto/Digest/MD5
[root@neutron MD5]# ll -Z MD5.so
-r-xr-xr-x root root root:object_r:lib_t MD5.so

If you can't figure out the selinux situation then you can turn it off.

Hope you don't mind I copied this back to the mailing list.

Cheers,
Martin

Harrison Dekker wrote:
> Martin,
>
> Re-confirmed that all the CPAN modules were installed so I'm doing some
> further diagnostics.
> I'm looking in /var/log/messages and I see this occurring when httpd
> fails to start:
>
> Mar 2 15:10:16 librrc-rh kernel: audit( 1141341016.209:19): avc:
> denied { execute } for pid=19286 comm="httpd" name="MD5.so" dev=hda2
> ino=965876 scontext=root:system_r:httpd_t tcontext=root:object_r:lib_t
> tclass=file
>
> Apparently this indicates some sort of "SELinux" security problem. I've
> been away from Red Hat for a few years so this is new to me. I'll keep
> reading up on this stuff, but if you have a quick configuration
> solution, shoot me an e-mail (or if you think I'm misdiagnosing this!)
>
> -Harrison
>
> On 3/1/06, *Martin Flack* <ma...@ne...
> <mailto:ma...@ne...>> wrote:
>
> Harrison Dekker wrote:
> > On 3/1/06, *Martin Flack* <ma...@ne...
> <mailto:ma...@ne...>
> > On our RHEL 3 instance, Apache::File is actually provided by
> > Apache::compat which is from rpm "mod_perl- 1.99_09-10.ent".
> ...
> > I also tried rpm -ql mod_perl and File.pm didn't show up.
>
> What I mean is that Apache/compat.pm provides the Apache::File package.
> There is no Apache/File.pm. Do you have Apache/compat.pm?
>
> You're starting up Apache as root using a init.d script, correct?
> As in:
> /sbin/service httpd start
>
> Martin
>
> --
> Harrison Dekker
> Coordinator of Data Services
> Doe/Moffitt Libraries, UC Berkeley
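
Added example, not part of the original messages: a small Python parser for the AVC denial line quoted in the thread, pulling out the refused permission and the source and target types (httpd_t and lib_t) so the record can be read at a glance. The function names are this example's own; the sample line is the one from the message, rejoined onto one line.

```python
import re

# The denial quoted in the thread, rejoined onto one line (e-mail wrapping removed).
SAMPLE = (
    'Mar 2 15:10:16 librrc-rh kernel: audit( 1141341016.209:19): avc: '
    'denied { execute } for pid=19286 comm="httpd" name="MD5.so" dev=hda2 '
    'ino=965876 scontext=root:system_r:httpd_t tcontext=root:object_r:lib_t '
    'tclass=file'
)

AVC_RE = re.compile(r'avc:\s+(granted|denied)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
CONTEXT_PARTS = ('user', 'role', 'type', 'level')


def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    rec = {
        'result': m.group(1),
        'perms': m.group(2).split(),
        'comm': fields.get('comm'),
        'name': fields.get('name'),
        'tclass': fields.get('tclass'),
    }
    for key in ('scontext', 'tcontext'):
        # user:role:type, plus an optional MLS level that may itself contain ':'
        rec[key] = dict(zip(CONTEXT_PARTS, fields.get(key, '').split(':', 3)))
    return rec


def summarize(rec):
    """One line: which domain was refused which permission on which type."""
    return '%s: %s (%s) { %s } on %s %s (%s)' % (
        rec['result'], rec['comm'], rec['scontext'].get('type'),
        ' '.join(rec['perms']), rec['tclass'], rec['name'],
        rec['tcontext'].get('type'))


if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```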