Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Apache 2 doesn't work on hardened ppc32 / 64bit kernel
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo on PPC
View previous topic :: View next topic  
Author Message
ccx
n00b
n00b


Joined: 11 Oct 2006
Posts: 9

PostPosted: Thu Oct 12, 2006 12:43 pm    Post subject: Apache 2 doesn't work on hardened ppc32 / 64bit kernel Reply with quote

I'm installing gentoo on Apple Xserve G5. Everything went fine so far but the apache refuses to start, reporting '(38)Function not implemented' in error log, when creating a lockfile.

Note that only library apache2 is linked to only glibc contains string 'Function not implemented'. Apache itself does not.

When mod_rewrite is enabled:
[Sun Oct 08 04:32:32 2006] [crit] (38)Function not implemented: mod_rewrite: could not create rewrite_log_lock
Configuration Failed

When mod_php is enabled:
[Thu Sep 07 16:54:04 2006] [notice] mod_python: Creating 32 session mutexes based on 6 max processes and 25 max threads.
[Thu Sep 07 16:54:04 2006] [error] (38)Function not implemented: mod_python: Failed to create global mutex 0 of 32 (/tmp/mpmtx292960).
Configuration Failed

When neither is enabled, it starts normally, and crashes in about three seconds, or before serving first connection:
[Wed Oct 11 13:14:20 2006] [emerg] (38)Function not implemented: Couldn't create accept lock

I've tried these apaches:
net-www/apache-2.0.58-r2
net-www/apache-2.0.59
net-www/apache-2.2.3
all behave same way
also various useflag (like threads) and cflag (llike -O0) swithcing doesn't help
glibc-2.4-r3 is nptlonly and doesn't allow me to downgrade

new ~ # epm -qG glibc
sys-libs/glibc-2.4-r3
new ~ # epm -qG apr
dev-libs/apr-0.9.12
dev-libs/apr-1.2.7-r3
new ~ # epm -qG apache
net-www/apache-2.2.3
new ~ # emerge --info
Portage 2.1-r2 (default-linux/ppc/ppc64/2006.0/32bit-userland/970, gcc-4.1.1, glibc-2.4-r3, 2.6.17-hardened ppc64)
=================================================================
System uname: 2.6.17-hardened ppc64 PPC970FX, altivec supported
Gentoo Base System version 1.12.4
app-admin/eselect-compiler: [Not Present]
dev-lang/python: 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.16
ACCEPT_KEYWORDS="ppc"
AUTOCLEAN="yes"
CBUILD="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -mcpu=G5 -maltivec -mabi=altivec"
CHOST="powerpc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O3 -pipe -mcpu=G5 -maltivec -mabi=altivec"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks maketest metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="ftp://192.168.1.1/ ftp://ftp.linux.cz/pub/linux/gentoo/ ftp://ftp.sh.cvut.cz/MIRRORS/gentoo/gentoo/ ftp://ftp.fi.muni.cz/pub/linux/gentoo/"
LC_ALL="en_US.UTF-8"
LINGUAS="en cs"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage/"
USE="ppc 7zip X509 acl altivec apache2 apm bash-completion berkdb bitmap-fonts bjam bzip2 cairo chroot clamav clamd cli concurrentmodphp crypt curl cvs dba dlloader eds emboss ftp fuse gcc64 gd gdbm gif gpm hardened hardenedphp ibm imagemagick imap imlib ipv6 isdnlog javascript jpeg ldap libg++ libwww maildir mod_python mp3 mpm-peruser mysql ncurses nls nptl nptlonly ogg pam pam_chroot pcre pdf pdflib perl pic png postgres postgresql pppd pyste python qmail readline recode reflection rsbac sasl server session spamassassin spell spl ssl subversion svg sysfs tcpd threads truetype truetype-fonts type1-fonts udev unicode usb vhosts vim vim-pager vorbis vpopmail xml zlib elibc_glibc input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux linguas_en linguas_cs userland_GNU video_cards_ati video_cards_dummy video_cards_fbdev video_cards_mga video_cards_nv video_cards_sisusb video_cards_v4l"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Back to top
View user's profile Send private message
ccx
n00b
n00b


Joined: 11 Oct 2006
Posts: 9

PostPosted: Sat Oct 14, 2006 4:25 pm    Post subject: not hardened Reply with quote

I've just noticed that it's not using hardened profile at all, but it's strange anyway.
Back to top
View user's profile Send private message
nixnut
Bodhisattva
Bodhisattva


Joined: 09 Apr 2004
Posts: 10974
Location: the dutch mountains

PostPosted: Sat Oct 14, 2006 5:21 pm    Post subject: Reply with quote

Looks like you're not the only one: http://linux.derkeiler.com/Mailing-Lists/RedHat/2003-11/1291.html
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

talk is cheap. supply exceeds demand
Back to top
View user's profile Send private message
ccx
n00b
n00b


Joined: 11 Oct 2006
Posts: 9

PostPosted: Sun Oct 15, 2006 1:32 am    Post subject: reinstall Reply with quote

I'm trying plain reinstall now, I'll see if the problem disappears.
I've seen the link and others also, usualy something about kernel or apr.
Personally I think it's either gentoo-hardened kernel incompatabile with non-hardened profile or something's missing from glibc (nptlonly?)
Back to top
View user's profile Send private message
ccx
n00b
n00b


Joined: 11 Oct 2006
Posts: 9

PostPosted: Mon Oct 16, 2006 12:27 pm    Post subject: Aargh Reply with quote

livecd root # touch foo
touch: setting times of `foo': Function not implemented

lrwxrwxrwx 1 root root 69 Oct 14 20:46 /etc/make.profile -> ../usr/portage/profiles/default-linux/ppc/ppc64/2006.0/32bit-userland

I'm quite sure I've set this to hardened profile before bootstrap.

I'm trying /usr/portage/profiles/hardened/ppc but I'm not quite sure it's the right one
Back to top
View user's profile Send private message
nixnut
Bodhisattva
Bodhisattva


Joined: 09 Apr 2004
Posts: 10974
Location: the dutch mountains

PostPosted: Mon Oct 16, 2006 4:02 pm    Post subject: Reply with quote

I still think you've upgraded glibc and neglected to rebuild the applications. I don't think this has anything whatsoever to do with hardened (kernel or toolchain).
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

talk is cheap. supply exceeds demand
Back to top
View user's profile Send private message
ccx
n00b
n00b


Joined: 11 Oct 2006
Posts: 9

PostPosted: Tue Oct 17, 2006 8:20 pm    Post subject: new system Reply with quote

I was so excited that I didn't say that I've already made new system from stage1-ppc64-2006.0-32ul, changed profile (atleast IIRC) to usr/portage/profiles/hardened/ppc and ran bootstrap. It crashed halfway, but when ran second time it seemed it finished correctly. I tried to do emerge -e system, and it crashed on the touch thingy.

So I made new system giving up on any system hardening.
But I'm curious what's the official way to build hardened system like this anyway.
Back to top
View user's profile Send private message
ccx
n00b
n00b


Joined: 11 Oct 2006
Posts: 9

PostPosted: Sun Oct 29, 2006 6:52 pm    Post subject: Sysv ipc Reply with quote

I've installed fresh new system from stage3 32ul/64kernel.
The apache2 still kept crashing on same thing, so I tried more googling and discovered nice tool called strace.

Strace shown this as the source of error:
semget(IPC_PRIVATE, 1, IPC_CREAT|0600) = -1 ENOSYS (Function not implemented)

So I looked into kernel configuration and found out that SYS V IPC was not compiled in nor as a module.

Now waiting for kernel to recompile...
Back to top
View user's profile Send private message
ccx
n00b
n00b


Joined: 11 Oct 2006
Posts: 9

PostPosted: Sun Oct 29, 2006 6:58 pm    Post subject: Solved Reply with quote

Whoa, it works...

Should I file bug about apache ebuild not checking for required feature?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo on PPC All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum