selinux and apache modules linked against libs in non-standard places

Daniel J Walsh dwalsh at redhat.com
Mon Jan 31 21:27:38 UTC 2005


Aleksandar Milivojevic wrote:

> I have PHP module linked against library in non-standard place.  When 
> starting Apache web server, it loads PHP module, which in turn 
> attempts to load this library.  This is what I get in 
> /var/log/messages each time I start Apache:
>
> kernel: audit(1107201979.916:0): avc:  denied  { execute } for  
> pid=3248 path=/opt/foobar/lib/libfoobar.so.1.0.0.1 dev=dm-1 ino=560573 
> scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t 
> tclass=file
>
> I believe this is due to the fact that Apache is restricted in what 
> files it can open using SELinux policies.  How to allow Apache to use 
> a library in non-standard place (/opt/foobar/lib for example)?  
> Preferably in a way that will not be overwritten when system is 
> updated (if possible, of course).
>
Does
restorecon -R -v /opt

Fix the problem?

Dan
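
As an added example that is not part of the original thread: a small parser that breaks the AVC denial quoted above into its fields and groups denials by source type, target type and object class, which is the triple SELinux type enforcement decides on. The first sample line is the denial from the thread rejoined onto one line; the second denial, the `libbar.so.2` path and the plain httpd line are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# First line is the denial quoted in the thread, rejoined onto one line.
# The other two lines are constructed for this example.
SAMPLE_LOG = """\
kernel: audit(1107201979.916:0): avc:  denied  { execute } for  pid=3248 path=/opt/foobar/lib/libfoobar.so.1.0.0.1 dev=dm-1 ino=560573 scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t tclass=file
kernel: audit(1107201980.001:0): avc:  denied  { read getattr } for  pid=3248 path=/opt/foobar/lib/libbar.so.2 dev=dm-1 ino=560574 scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t tclass=file
httpd: httpd startup succeeded
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    # Contexts are user:role:type[:level]; the type is what policy rules match on.
    for side in ("scontext", "tcontext"):
        if side in rec:
            parts = rec[side].split(":")
            rec[side + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec

def summarize(log_text):
    """Group denials by (source type, target type, class) -> perms and paths."""
    groups = defaultdict(lambda: {"perms": set(), "paths": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec.get("scontext_type"), rec.get("tcontext_type"), rec.get("tclass"))
        groups[key]["perms"].update(rec["perms"])
        if "path" in rec:
            groups[key]["paths"].add(rec["path"])
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), info in summarize(SAMPLE_LOG).items():
        print(f"{src} denied {sorted(info['perms'])} on {tgt}:{cls}")
        for path in sorted(info["paths"]):
            print("   ", path)
```

The parser splits fields on whitespace, so a `path=` value containing spaces would be truncated at the first space.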



