Topic:
Some Linux distributions with SELinux enabled may prevent IDL from running under the default security context. This TechTip is a workaround for CR#41937
Discussion:
Newer Linux distributions have enabled new kernel security extensions from the SELinux project at the NSA. These extensions allow finer-grained control over system security. However, SELinux also changes some default system behaviors, such as shared library loading, that can be problematic to third party programs.
If you receive the error message "cannot restore segment prot after reloc: Permission denied" when launching IDL, then your SELinux configuration is preventing IDL from launching.
编辑/etc/selinux/config,找到这段:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
把 SELINUX=enforcing 注释掉:#SELINUX=enforcing ,然后新加一行为:
SELINUX=disabled
保存,关闭。
......
编辑/etc/sysconfig/selinux,找到:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
如果SELINUX已经是 SELINUX=disabled,那么就不用改了,否则就把SELINUX=enforcing 注释掉,新加一行:
SELINUX=disabled
保存,退出。
如果你碰到其他类似提示:
cannot restore segment prot after reloc: Permission denied
哪应该是SELinux的问题,可以考虑把它关闭。
-------------------------------------------------------------------------------------
郁闷的是.我把SELinux关闭后还是不行.于是到google上search.发现这个很有用.
在你保证SElinux 被disable后.还执行下
chcon -t texrel_shlib_t
如: chcon -t texrel_shlib_t /路径/路径/名字.so (这个文件视具体执行文件.)
以上两步.已经解决了很多server的问题了.
阅读(1404) | 评论(0) | 转发(0) |
