PHP 5.0.3 ldap.so extension denied
Colin Walters
walters at redhat.com
Thu Jan 20 04:12:16 UTC 2005
On Wed, 2005-01-19 at 22:25 -0500, Robert L Cochran wrote:
> I compiled PHP version 5.0.3 from source obtained from php.net on a
> Pentium 4 system running Fedora Core 3 and this message appears in
> /var/log/messages after httpd starts:
>
> audit(1106189173.206:0): avc: denied { execute } for pid=3999
> path=/usr/lib/20041030/ldap.so dev=dm-0 ino=3129353
> scontext=user_u:system_r:httpd_t tcontext=root:object_r:lib_t tclass=file
Try running "restorecon /usr/lib/20041030/ldap.so". That should reset
the type of the file to shlib_t. You'll notice that shared libraries
directly in /usr/lib/ have this type; this ensures that protected
daemons are not able to map other random files that may be in lib into
executable memory.
(If that doesn't work, try "chcon -t shlib_t /usr/lib/20041030/ldap.so")
More information about the fedora-selinux-list
mailing list