When SELinux is in permissive the Django webapp runs fine with no alerts. The below error appears in the Apache error log, once SELinux is set to enforcing, but no alerts are logged to audit.log.
[wsgi:error] import psycopg2 as Database
[wsgi:error] File "/mnt/data/venv/app/lib/python3.4/site-packages/psycopg2/__init__.py", line 50, in <module>
[wsgi:error] from psycopg2._psycopg import BINARY, NUMBER, STRING, DATETIME, ROWID
[wsgi:error] ImportError: /venv/app/lib/python3.4/site-packages/psycopg2/_psycopg.cpython-34m.so: failed to map segment from shared object: Permission denied
The system is running CentOS 7, Apache httpd 2.4 2.4.6 (rpm installed), Python 3.4.2 (source installed), and pip installed: mod_wsgi 4.4.5, virtualenv 12.0.5, psycopg2 2.5.4, and Django 1.7.2.
Nothing is logged by Django.
The current file context type of the virtualenv directory is httpd_sys_content_t.
httpd_sys_script_exec_t seems to be the best file context type to be used, and only needs to be applied to the shared object file involved.
As root or super user:
The context change will persist through reboot and filesystem relabeling.
Based off of this mislocated question on Stack Overflow.
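Added example, not code from the original answer: one way to record the httpd_sys_script_exec_t label for a single shared object so that it persists through reboot and relabeling, assuming the policycoreutils tools semanage and restorecon are installed. The function names and the RUN dry-run variable are hypothetical.

```shell
#!/bin/sh
# Added example: persistently label one shared object httpd_sys_script_exec_t.
# RUN is a hypothetical switch: RUN=echo prints the commands instead of
# executing them, which is useful for review before touching local policy.

# semanage fcontext stores a regular expression, not a literal path, so
# escape regex metacharacters ("." would otherwise match any character).
fcontext_regex() {
    printf '%s\n' "$1" | sed 's/[].[*^$+?(){}|]/\\&/g'
}

label_shared_object() {
    so_path=$1
    # File context rules match absolute paths; pass the real path of the
    # file, not a symlinked alias of it.
    case $so_path in
        /*) ;;
        *) echo "need an absolute path: $so_path" >&2; return 2 ;;
    esac
    # Record the rule in local policy so it survives reboot and relabel.
    ${RUN:-} semanage fcontext -a -t httpd_sys_script_exec_t \
        "$(fcontext_regex "$so_path")" || return 1
    # Apply the recorded rule to the file on disk.
    ${RUN:-} restorecon -v "$so_path"
}

# Run as root with the path reported in the ImportError, e.g.
#   sh label_so.sh /path/to/_psycopg.cpython-34m.so
if [ "$#" -gt 0 ]; then
    label_shared_object "$1"
fi
```

Afterwards, ls -Z on the file should show httpd_sys_script_exec_t in its context.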