Score:0

SELinux Issue - git status fatal: Out of memory? mmap failed: Permission denied

I have a CentOS 7.9 server running with Apache and Git; however, if I do a

[root@a]# git status
fatal: Out of memory? mmap failed: Permission denied

But if I disable SELinux or set it to permissive via the command below, it starts working fine.

setenforce Permissive

Any idea on how to fix this issue permanently with SELinux enabled?

Audit log says

node=a type=PROCTITLE msg=audit(1630636505.296:37076): proctitle=67697400737461747573
node=a type=MMAP msg=audit(1630636505.296:37076): fd=3 flags=0x2
node=a type=SYSCALL msg=audit(1630636505.296:37076): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=3ebd0 a2=3 a3=2 items=0 ppid=8008 pid=8156 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=570 comm="git" exe="/usr/bin/git" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
node=a type=AVC msg=audit(1630636505.296:37076): avc:  denied  { map } for  pid=8156 comm="git" path="/www/site/.git/index" dev="sda2" ino=540400 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:httpd_t:s0 tclass=file permissive=0
Matthew Ife
Root is normally unconfined. Can you provide the result of `id -Z`?
Michael Hampton
Check the audit log.
mahen3d
@MichaelHampton I added the audit log; it says something about scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:httpd_t:s0 tclass=file permissive=0
mahen3d
@MatthewIfe It says unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Score:2
The problem is this file you're mapping:

/www/site/.git/index

This file has the type httpd_t, however that isn't actually a legitimate file type but is a process (or domain type, as it's known) instead.

You should probably set the context of /www as being httpd_sys_content_t or, if you want to allow the webserver to write to it, httpd_sys_content_rw_t.

If I had to guess, I'm going to assume you did a chcon -t httpd_t on /www in error.

The best approach to fix this properly will be to reset and restore the file contexts:

# semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
# restorecon -rv /www

This should set the correct context and prevent future context mishaps.

Then test the git status again to check it worked.

mahen3d
Yeah, I ran this: 'sudo chcon -Rv --type=httpd_t /www/'
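
The diagnosis in the answer above (a file carrying a process/domain type as its label) can be read straight out of the audit records. The following is an added example, not part of the original posts: it parses the PROCTITLE and AVC records copied from the question and flags denials whose target object is labelled with a domain type. The function names and the hand-written `DOMAIN_TYPES` set are assumptions made for this sketch.

```python
import re

# Assumption: a small hand-written set of domain (process) types for this example.
# On a real host, build it from the loaded policy, e.g. with `seinfo -a domain -x`.
DOMAIN_TYPES = {"httpd_t", "unconfined_t"}

# Records copied from the audit log in the question above.
SAMPLE = '''node=a type=PROCTITLE msg=audit(1630636505.296:37076): proctitle=67697400737461747573
node=a type=AVC msg=audit(1630636505.296:37076): avc:  denied  { map } for  pid=8156 comm="git" path="/www/site/.git/index" dev="sda2" ino=540400 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:httpd_t:s0 tclass=file permissive=0'''

AVC_RE = re.compile(
    r'msg=audit\((?P<event>[^)]+)\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'path="(?P<path>[^"]*)"\s+dev="(?P<dev>[^"]*)".*?scontext=(?P<scontext>\S+)\s+'
    r'tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')
PROCTITLE_RE = re.compile(
    r'msg=audit\((?P<event>[^)]+)\): proctitle=(?P<hex>[0-9A-Fa-f]+)')

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def decode_proctitle(hex_str):
    """Decode a hex-encoded proctitle (argv joined by NUL bytes) to a command line."""
    raw = bytes.fromhex(hex_str).replace(b"\x00", b" ")
    return raw.decode("utf-8", "replace").strip()

def find_mislabeled(log_text, domain_types=DOMAIN_TYPES):
    """Return denials whose target is an on-disk object labelled with a domain type."""
    titles = {m["event"]: decode_proctitle(m["hex"])
              for m in PROCTITLE_RE.finditer(log_text)}
    findings = []
    for m in AVC_RE.finditer(log_text):
        ttype = selinux_type(m["tcontext"])
        # Process objects and procfs entries legitimately carry domain types.
        if m["tclass"] == "process" or m["dev"] == "proc":
            continue
        if ttype in domain_types:
            findings.append({"path": m["path"], "target_type": ttype,
                             "perms": m["perms"].split(),
                             "source_type": selinux_type(m["scontext"]),
                             "command": titles.get(m["event"], "")})
    return findings

if __name__ == "__main__":
    for f in find_mislabeled(SAMPLE):
        print(f"{f['command']!r}: {f['path']} is labelled {f['target_type']} "
              f"(a domain type); denied {f['perms']}")
```

Any path this reports is a candidate for the `semanage fcontext` and `restorecon` fix given in the answer.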