selinux and apache modules linked against libs in non-standard places
From: Aleksandar Milivojevic (amilivojevic_at_pbl.ca)
Date: 01/31/05
- Previous message: Scot L. Harris: "Re: networking howto wanted"
- Next in thread: Daniel J Walsh: "Re: selinux and apache modules linked against libs in non-standard places"
- Reply: Daniel J Walsh: "Re: selinux and apache modules linked against libs in non-standard places"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 31 Jan 2005 14:58:23 -0600 To: Fedora <fedora-list@redhat.com>
I have PHP module linked against library in non-standard place. When
starting Apache web server, it loads PHP module, which in turn attempts
to load this library. This is what I get in /var/log/messages each time
I start Apache:
kernel: audit(1107201979.916:0): avc: denied { execute } for pid=3248
path=/opt/foobar/lib/libfoobar.so.1.0.0.1 dev=dm-1 ino=560573
scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t tclass=file
I believe this is due to the fact that Apache is restricted in what
files it can open using SELinux policies. How to allow Apache to use an
library in non-standard place (/opt/foobar/lib for example)? Preferably
in a way that will not be overwritten when system is updated (if
possible, of course).
-- Aleksandar Milivojevic <amilivojevic@pbl.ca> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7 -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
- Previous message: Scot L. Harris: "Re: networking howto wanted"
- Next in thread: Daniel J Walsh: "Re: selinux and apache modules linked against libs in non-standard places"
- Reply: Daniel J Walsh: "Re: selinux and apache modules linked against libs in non-standard places"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
