[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Apache/PHP module boot restriction?



On Wed, 2006-02-22 at 16:41 -0800, Andrew JH Ring wrote:
> I've recently set up a Fedora Core 4 web server running Apache 2.2.0
> with PHP 5.1.2.  I've managed to get Apache loading the module, after
> setting libphp5.so to shlib_t, however Apache seems to still be unable
> to access the module during boot.  I'm getting a Cannot load libphp5
> cannot restore segment prot after reloc.  Is this a known problem, and
> if so, how is it fixed?

cc'd fedora-selinux-list as well above, since you mentioned you were
using FC4.

This usually indicates a text relocation, which is undesirable if it can
be avoided.  The stock FC4 php doesn't appear to have any text
relocations in its libphp (readelf -d libphp5.so.1 |  grep TEXTREL).
Possibly it has a patch to avoid the problem.

Ideally, it would be best if you could similarly patch or fix the build
for PHP 5.1.2.  If you truly need to allow it, then you can label
the .so file with the texrel_shlib_t type (since you are using FC4, I
used the old type name).

Some discussion of the SELinux memory protection tests can be found in:
http://people.redhat.com/drepper/selinux-mem.html

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]