[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[F8] (Re)Starting httpd reveals php pdf.so stack permission errors...




# setenforce 1  (If set to 0, no following errors are generated)
# service httpd restart
<Generates the following errors>

/etc/log/httpd/errors_log:
=================
PHP Warning:  PHP Startup: Unable to load dynamic library
'/usr/lib/php/modules/pdf.so' - libpdf.so.6: cannot enable executable
stack as shared object requires: Permission denied in Unknown on line 0

# ls -lZ /usr/lib/php/modules/pdf.so
-rwxr-xr-x  root root system_u:object_r:textrel_shlib_t:s0 /usr/lib/php/modules/pdf.so

# find / -xdev -name libpdf.so.6
<does not exist>

/etc/log/audit/audit_log:
===============
type=AVC msg=audit(1203285527.123:3893): avc:  denied  { execstack } for  pid=21241 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process
type=SYSCALL msg=audit(1203285527.123:3893): arch=40000003 syscall=125 success=no exit=-13 a0=bfca1000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=21241 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

SEAlert:
=================================================
Summary
    SELinux is preventing /usr/sbin/httpd (httpd_t) "execstack" to <Unknown>
    (httpd_t).

Detailed Description
    SELinux denied access requested by /usr/sbin/httpd. It is not expected that
    this access is required by /usr/sbin/httpd and this access may signal an
    intrusion attempt. It is also possible that the specific version or
    configuration of the application is causing it to require additional access.

Allowing Access
    You can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information       

Source Context                system_u:system_r:httpd_t:s0
Target Context                system_u:system_r:httpd_t:s0
Target Objects                None [ process ]
Affected RPM Packages         httpd-2.2.8-1.fc8 [application]
Policy RPM                    selinux-policy-3.0.8-84.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall
Host Name                     gold.cdkkt.com
Platform                      Linux gold.cdkkt.com 2.6.23.15-137.fc8 #1 SMP Sun
                              Feb 10 17:48:34 EST 2008 i686 i686
Alert Count                   10
First Seen                    Sun 17 Feb 2008 04:50:41 AM PST
Last Seen                     Sun 17 Feb 2008 01:46:21 PM PST
Local ID                      b2d0de85-f78b-4945-8d01-1ef26660fe47
Line Numbers                 

Raw Audit Messages           

avc: denied { execstack } for comm=httpd egid=0 euid=0 exe=/usr/sbin/httpd
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=20396
scontext=system_u:system_r:httpd_t:s0 sgid=0 subj=system_u:system_r:httpd_t:s0
suid=0 tclass=process tcontext=system_u:system_r:httpd_t:s0 tty=(none) uid=0


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]