Hello Marcus,
I am sorry I've probably missed your thread, and I've actually
failed to understand with gdb that selinux is the one to blame. To
make things worse, I was running Fedora as a vmware virtual machine,
and was always accessing the machine via SSH, not 'local' console.
SELinux, however, only dumps its messages to local console by
default, and I had nearly zero chance finding seeing them :) Only by
accident I tried the brand new VMWare Web Console to see how it
works, and wow! I get the messages, and then it was not so
difficult.
I was also changing distros (tried FC8, FC7 and CentOS 5.1) and
Virtual Machines with no luck for nearly 2 weeks :)
I will put that somewhere once Nicolas gives his comments..
Mike
MB> I had the exact same problem using CentOS. I saw from gdb that
MB> selinux was causing the problems.
MB> I couldn't solve it, and had to install RHEL4 instead. There was some
MB> communication about this
MB> on the list.
MB> Nice that you discovered how to deal with it, and yes it would be
MB> great if you could add it to
MB> the FAQ or install instructions on haxe.org.
MB> Good stuff,
MB> / mquickform
MB> On Mar 19, 2008, at 5:23 PM, Michael Pliskin wrote:
>> Hello all,
>>
>> NC> Yes, that would be help. Google for gdb+tutorial to find detailed
>> NC> explanations about gdb usage. In order to compile neko+mod_neko
>> in debug
>> NC> mode you need to add -g in Makefile (CFLAGS) and neko/tools/
>> install.neko
>>
>> ok, the trouble got solved now. It was, however, far from trivial...
>>
>> The root cause is selinux being enabled. It disallows something done
>> by neko (looks like executing memory), and makes apache crash
>> mysteriously.
>>
>> So the way to get this resolved is to apply the following selinux
>> policy (named nekohttpd for instance):
>>
>> module nekohttpd 1.0;
>>
>> require {
>> type httpd_t;
>> class process execmem;
>> }
>>
>> #============= httpd_t ==============
>> allow httpd_t self:process execmem;
>>
>> if this particular one doesn't work for your system, here is the
>> more generic approach:
>>
>> 1. install audit:
>> yum install audit
>> 2. start audit daemon:
>> /etc/init.d/auditd start
>> 3. try starting apache:
>> /etc/init.d/httpd start
>> 4. make the policy to permit everything apache is failing to do:
>> grep http /var/log/audit/audit.log | audit2allow -M nekohttpd
>>
>>
>> now you have the compiled nekohttpd.pp policy - only install it:
>> semodule -i nekohttpd.pp
>>
>> Nothing fancy after all :) But this probably should go to FAQ or
>> installation guide, otherwise it is really difficult to solve (if
>> you have never even heard of selinux especially).
>>
>> --
>> Best regards,
>> Michael mailto:[EMAIL PROTECTED]
>>
>>
>> --
>> Neko : One VM to run them all
>> (http://nekovm.org)
--
Best regards,
Michael mailto:[EMAIL PROTECTED]
--
Neko : One VM to run them all
(http://nekovm.org)
