8

I'm using the mySQLdb module within my django application which is linked to Apache via WSGI. However I'm getting permission issues (shown below). This is down to SElinux and if I set it to passive everything is ok.

ImproperlyConfigured: Error loading MySQLdb module: /opt/django/virtenv/django15/lib/python2.7/site-packages/_mysql.so: failed to map segment from shared object: Permission denied

What is the best way to update SELinux to include this without having to turn off the whole the thing. The error is shown below:

ImproperlyConfigured: Error loading MySQLdb module: /opt/django/virtenv/django1/lib/python2.7/site-packages/_mysql.so: cfailed to map segment from shared object: Permission denied

Obito
  • 391
  • 3
  • 8
felix001
  • 15,341
  • 32
  • 94
  • 121
  • Are your database credentials set up correctly, looks like you don't have permissions to connect to the database – Paul Oostenrijk Dec 20 '14 at 23:57
  • Yep as if I turn off Selznick it connects fine – felix001 Dec 21 '14 at 07:16
  • 1
    It's likely a SELinux policy error since there are a lot of restrictions with httpd. First make sure that files read by httpd are labelled with `httpd_sys_content_t`. Use `ls -lZ` to check. For `_mysql.so`, you may need exec privleges. For that you need the label: `httpd_sys_script_exec_t`. See this answer for a similar problem: http://stackoverflow.com/questions/20919771/centos-6-4-failed-to-map-segment-from-shared-object-permission-denied – Gohn67 Dec 29 '14 at 04:10
  • Do you have `httpd_can_network_connect` on? – xnx Dec 30 '14 at 02:30

4 Answers4

9

As @Gohn67 suggests, change the SELinux security context of the file in question, allowing the HTTPD process to execute it: 

sudo chcon -R -h -t httpd_sys_script_exec_t /opt/django/virtenv/django15/lib/python2.7/site-packages/_mysql.so
Velimir Mlaker
  • 10,664
  • 4
  • 46
  • 58
0

To make is more exact, please execute:

# ls -lZ /opt/django/virtenv/django1/lib/python2.7/site-packages
# ls -lZ /opt/django/virtenv/django1/lib/python2.7/site-packages/_mysql.so
# grep mysql /var/log/audit/audit.log | audit2allow -w -a -r -v
# grep mysql /var/log/audit/audit.log | audit2allow -a -r -R mysql
Benjamin Lane
  • 1
  • 1
0

Couple of permission issues that I notice:

  1. Make sure your credentials for mySQLdb have access to the database.
  2. If you are using IP and Port to connect to the database, try using localhost.
  3. Make sure the user (chmod permissions) have access to the folder where mySQL stores stuff. Sometimes when storing media and things it need permission to the actual folder.
  4. Lastly, I would try to reset Apache server (not the entire machine).
Tigerjz32
  • 4,324
  • 4
  • 26
  • 34
0

I don't know why, but this works for me

$ sudo chcon -t shlib_t /opt/django/virtenv/django15/lib/python2.7/site-packages/*.so
Afriza N. Arief
  • 7,696
  • 5
  • 47
  • 74