[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: selinux and apache modules linked against libs in non-standard places

From: Daniel J Walsh <dwalsh redhat com>
To: For users of Fedora Core releases <fedora-list redhat com>
Subject: Re: selinux and apache modules linked against libs in non-standard places
Date: Mon, 31 Jan 2005 16:27:38 -0500

Aleksandar Milivojevic wrote:

I have PHP module linked against library in non-standard place. When starting Apache web server, it loads PHP module, which in turn attempts to load this library. This is what I get in /var/log/messages each time I start Apache:

kernel: audit(1107201979.916:0): avc: denied { execute } for pid=3248 path=/opt/foobar/lib/libfoobar.so.1.0.0.1 dev=dm-1 ino=560573 scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t tclass=file

I believe this is due to the fact that Apache is restricted in what files it can open using SELinux policies. How to allow Apache to use an library in non-standard place (/opt/foobar/lib for example)? Preferably in a way that will not be overwritten when system is updated (if possible, of course).

Does
restorecon -R -v /opt

Fix the problem?

Dan

Follow-Ups:
- Re: selinux and apache modules linked against libs in non-standard places
  - From: Aleksandar Milivojevic

References:
- selinux and apache modules linked against libs in non-standard places
  - From: Aleksandar Milivojevic

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]