I have since found this link:

https://stackoverflow.com/questions/72020602/how-to-set-ld-preload-in-systemd
The difficulties getting LD_PRELOAD to work with systemd are discussed there, 
and it said the wrapper approach was the solution. I had already tried the 
other approaches discussed, with no success. Moreover, the wrapper I created 
did not work either. For AL2023 the default installed httpd service file is at 
/usr/lib/systemd/system/httpd.service , which has:
ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND

and it also has a comment to use 'systemctl edit httpd' to override contents 
(i.e. don't edit directly). I used the edit command to override the ExecStart 
and it created a file /etc/systemd/system/httpd.service.d/override.conf , which 
contains the single line to use the wrapper script:

ExecStart=/etc/httpd/conf/files/ExecStart.sh

Which has the contents:
$ cat /etc/httpd/conf/files/ExecStart.sh
#!/bin/sh
LD_PRELOAD=mysslverify.so /usr/sbin/httpd $OPTIONS -DFOREGROUND

Where mysslverify.so is installed in the standard location:
$ ls -l /usr/lib64/mysslverify.so
-rwxr-xr-x. 1 root root 16088 Aug 13 18:05 /usr/lib64/mysslverify.so

With these changes, the restart commands were done:
systemctl daemon-reload
systemctl stop httpd
systemctl start httpd

In this case, it appears the wrapper was never even executed. When I try to 
examine the ExecStart service directives, it shows two:
[root@Dev-Files-2023 httpd.service.d]$ systemctl cat httpd | grep ExecStart
ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
ExecStart=/etc/httpd/conf/files/ExecStart.sh

I can also tell that the LD_PRELOAD configuration had no impact because the 
shared library is not found in the proc map:
$ cat /proc/405099/maps | grep myverifyssl | wc -l
0

So it appears as if only the first ExecStart listed from the original service 
file is being used.

Note that setting LD_PRELOAD via the environment directive has some impact:
Environment="LD_PRELOAD=/usr/lib64/mysslverify.so"

As can be seen by this example: 
$ cat /proc/405546/maps | grep mysslverify
7ff5daca5000-7ff5daca6000 r--p 00000000 103:01 8523479                   /usr/lib64/mysslverify.so
7ff5daca6000-7ff5daca7000 r-xp 00001000 103:01 8523479                   /usr/lib64/mysslverify.so
7ff5daca7000-7ff5daca8000 r--p 00002000 103:01 8523479                   /usr/lib64/mysslverify.so
7ff5daca8000-7ff5daca9000 r--p 00002000 103:01 8523479                   /usr/lib64/mysslverify.so
7ff5daca9000-7ff5dacaa000 rw-p 00003000 103:01 8523479                   /usr/lib64/mysslverify.so

However, the library is not being "preloaded", e.g. loaded before other libs. 
The map output shows mysslverify.so with a larger address than the standard 
OpenSSL libraries, which, per the Stack Overflow link at the start of this 
email, means it will not be executed.

If I disregard the edit comment in the default httpd service file and edit it 
directly to call the wrapper with ExecStart, attempts to start httpd result in 
timeout:
$ systemctl start httpd
Job for httpd.service failed because a timeout was exceeded.
See "systemctl status httpd.service" and "journalctl -xeu httpd.service" for details.

The start command was hung for a while before timeout, and the following httpd 
processes existed:
$ ps aux | grep httpd
root      403591  0.0  0.0 234280  6024 pts/3    S+   20:53   0:00 systemctl start httpd
root      403594  0.0  0.0  13348  3176 ?        Ss   20:53   0:00 /bin/sh /etc/httpd/conf/files/ExecStart.sh
root      403596  0.7  0.1  35256 15252 ?        S    20:53   0:00 /usr/sbin/httpd -DFOREGROUND
apache    403639  0.0  0.0  46212  5176 ?        S    20:53   0:00 /usr/sbin/httpd -DFOREGROUND
apache    403641  0.0  0.1 1736832 8660 ?        Sl   20:53   0:00 /usr/sbin/httpd -DFOREGROUND
apache    403642  0.0  0.1 1572928 8660 ?        Sl   20:53   0:00 /usr/sbin/httpd -DFOREGROUND
apache    403644  0.0  0.1 1572928 8660 ?        Sl   20:53   0:00 /usr/sbin/httpd -DFOREGROUND
root      403829  0.0  0.0 222312  2176 pts/5    S+   20:53   0:00 grep --color=auto httpd

The journalctl command to show details simply shows a bunch of lines:
Aug 13 20:56:05 ip-10-16-4-0.us-west-2.compute.internal systemd[1]: httpd.service: Killing process 403823 (httpd) with signal SIGKILL.

Any guidance on how I can get this LD_PRELOAD working for httpd on AL2023 would 
be much appreciated...
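
Added example (not part of the original message, and not systemd's own code): a sketch that applies systemd's documented merge rules for ExecStart= to text in the shape that `systemctl cat httpd` prints, run over three constructed drop-in variants built from the lines quoted in the message. The names effective_execstart and sample are hypothetical, and treating each "# /path" line as a file boundary is an assumption about the `systemctl cat` output format.

```shell
#!/bin/sh
# Added example: apply systemd's merge rules for ExecStart= to text shaped like
# `systemctl cat <unit>` output (unit file first, then each drop-in).

# effective_execstart (hypothetical helper): stdin -> the commands systemd keeps.
effective_execstart() {
    awk '
        /^# \//              { sect = ""; next }  # assumed file boundary: "# /path/to/file"
        /^\[.*\]$/           { sect = $0; next }  # section header
        sect != "[Service]"  { next }             # assignments outside [Service] do not count
        /^ExecStart=[ \t]*$/ { n = 0; next }      # an empty value resets the list
        /^ExecStart=/        { cmds[++n] = substr($0, 11) }  # any other value appends
        END { for (i = 1; i <= n; i++) print cmds[i] }
    '
}

# sample KIND: constructed input built from the lines quoted in the message.
#   bare   - drop-in holds only the ExecStart line, with no [Service] header
#   append - drop-in has [Service] but does not clear the packaged ExecStart
#   reset  - drop-in has [Service] and an empty ExecStart= before the new one
sample() {
    printf '%s\n' '# /usr/lib/systemd/system/httpd.service' '[Service]' \
        'ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND' \
        '# /etc/systemd/system/httpd.service.d/override.conf'
    case $1 in
        bare)   ;;
        append) echo '[Service]' ;;
        reset)  printf '%s\n' '[Service]' 'ExecStart=' ;;
    esac
    echo 'ExecStart=/etc/httpd/conf/files/ExecStart.sh'
}

# Show what remains for each variant. More than one remaining entry is only
# valid for Type=oneshot services.
for kind in bare append reset; do
    echo "== $kind"
    sample "$kind" | effective_execstart
done
```

Only the "reset" variant leaves the wrapper as the single start command; a plain `grep ExecStart` over `systemctl cat` output lists both lines in all three cases.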


   
  
