Permissions Issue or SElinux? Apache cannot load mod_wsgi

[userneedshelp]

Hello! I need help with this, please. Running Centos7

Apache won't start. Here's the error I get when I run this command. This works in another system where selinux is disabled.

Here are the permissions on the file. The same permissions are set in the folder:

[myuser@myserver appsite]$ ls -lhi /var/www/appsite/env/lib/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so
201382447 -rwxrwxr-x. 1 myuser myuser 924K Aug 27 13:53 /var/www/appsite/env/lib/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so
[myuser@myserver appsite]$

journalctl -xel

-- Unit httpd.service has begun starting up.
Aug 30 15:32:31 myserver.mydomain.com httpd[19980]: httpd: Syntax error on line 57 of /etc/httpd/conf/httpd.conf: Cannot load /var/www/appsite/env/lib/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so into server: /var/www/appsite/env/lib/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so: failed to map segment from shared object: Permission denied
Aug 30 15:32:31 myserver.mydomain.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Aug 30 15:32:31 myserver.mydomain.com kill[19982]: kill: cannot find process ""
Aug 30 15:32:31 myserver.mydomain.com systemd[1]: httpd.service: control process exited, code=exited status=1
Aug 30 15:32:31 myserver.mydomain.com systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Aug 30 15:32:31 myserver.mydomain.com systemd[1]: Unit httpd.service entered failed state.
Aug 30 15:32:31 myserver.mydomain.com systemd[1]: httpd.service failed.
Aug 30 15:32:31 myserver.mydomain.com polkitd[697]: Unregistered Authentication Agent for unix-process:19974:26582243 (system bus name :1.241, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

[Graham Dumpleton]

Try running as root:

  chcon -R -h -t httpd_sys_script_exec_t /var/www/appsite/env/lib/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so

Is you CentOS 7 server up to date?

Also consider using:

    mod_wsgi-express install-module

to install the module into the Apache modules directory and then include it from there instead. Anything in the modules directory should be okay to load without needing to configure SELinux to allow it.

Graham

--
You received this message because you are subscribed to the Google Groups "modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to modwsgi+u...@googlegroups.com.
To post to this group, send email to mod...@googlegroups.com.
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.

[userneedshelp]

That totally did the trick, Graham. Thank you! Then, as I had copied my cert and private key files from my home directory to their respective desired destinations, selinux complained.

So, the fix for that was to run this as sudo, for those who are interested:

restorecon -RvF /path/to/privatekeyfolder/
restorecon -RvF /path/to/certsfolder/

Graham,

This dev server is running selinux in enforcing targeted mode which makes me feel confident. The idea of disabling selinux at least during development states, has crossed my mind but I decided to make it work from the get-go. So, your help with this issue is greatly appreciated.