Fix “failed to map segment from shared object: Permission denied”

In CentOS, after deployed OpenAM web agent into the apache httpd server, sometimes we will see the following error message:

sudo service httpd start
Starting httpd: httpd: Syntax error on line 1012 of /etc/httpd/conf/httpd.conf: Cannot load /PATH/web_agents/apache22_agent/lib/mod_openam.so into server: /PATH/web_agents/apache22_agent/lib/mod_openam.so: failed to map segment from shared object: Permission denied
[FAILED]

Even we used root user but still have the “Permission denied” message. This is all because the SElinux setting.

We can temporarily turn off SElinux by making it in permissive mode:

$ getenforce
Enforcing
$ sudo setenforce 0
$ getenforce
Permissive

If you want to permanently solve the problem, need to edit the selinux config file:

sudo vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

Change SELINUX to either “permissive” or “disabled” will fix the problem.

If change SELINUX to “disabled”, need to reboot the system to apply the changes.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

Reference: click here.