Asterisk failed to launch in RHEL 8.4

l recently upgrade the Linux VM l use from 8.2 to 8.4, then asterisk is starting to have problem. l have already done some research myself. l found all other people’s ldd output actually indicated that the libasteriskssl.so.1 is not found, but not in my case. l managed to fit all the relevant information in this screenshot. Can someone tell me what is going on? Or what additional information do l need to provide.

/lib vs /lib64 ??

  • Darrin

there is nothing in /lib64 regarding asterisk
l CDed to /lib64 and ran “ll -Z | grep libast” and there is no output

As Darrin implied, you /should/ have a libasteriskssl.so.1 module in /lib64.

Use file(1) to determine if the /lib/libasteriskssl.so.1 module is 32bit or 64bit. If it is 32bit, then you cant use it with 64bit asterisk, and that would explain the error message.

never got a notification that there is a reply
l copied that file into lib64, and somehow that changed the error message.
lnstead of no such file, now it says operation not permitted. lt is really weird l have to say. idk why it is looking for file in /lib64 when ldd output says it looks for it in /lib
l made sure all user can write and execute, yet it still says operation not permitted.
And l do not see any SELinux denial.

ldd is not saying where it is looking for it; it is saying where one was found with the right name. The executable only has the filename part, not the directory.

well, that took me 3 days to figure out. Any tips on why the operation is not permitted?

l finally found the reason after many days. ln case some other people have the same issue, RHEL 8.4 had some update to something called fapolicy, and that thing will stop untrusted ELF libraries and various other things from being executed or accessed. Apparently libasteriskssl.so.1 is an untrusted ELF library in RHEL 8.4 fapolicy.
So, besides discretionary access control and SELinux, that thing can also stop an operation.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.