PHP 5.0.3 ldap.so extension denied

Robert L Cochran cochranb at speakeasy.net
Thu Jan 20 04:36:37 UTC 2005


Colin Walters wrote:

>On Wed, 2005-01-19 at 22:25 -0500, Robert L Cochran wrote:
>
>>I compiled PHP version 5.0.3 from source obtained from php.net on a 
>>Pentium 4 system running Fedora Core 3 and this message appears in 
>>/var/log/messages after httpd starts:
>>
>>audit(1106189173.206:0): avc:  denied  { execute } for  pid=3999 
>>path=/usr/lib/20041030/ldap.so dev=dm-0 ino=3129353 
>>scontext=user_u:system_r:httpd_t tcontext=root:object_r:lib_t tclass=file
>
>Try running "restorecon /usr/lib/20041030/ldap.so".  That should reset
>the type of the file to shlib_t.  You'll notice that shared libraries
>directly in /usr/lib/ have this type; this ensures that protected
>daemons are not able to map other random files that may be in lib into
>executable memory.
>
>(If that doesn't work, try "chcon -t shlib_t /usr/lib/20041030/ldap.so")
>
Colin,

Thanks for your help! It worked for that specific file. Now I'm getting 
the same message for file "mysql.so" in the same directory, so I assume 
that I need to run 'restorecon' for every *.so file in that directory. 
(PHP created the directory and installed the modules to it.)

Thanks again!

Bob
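
Following up on the per-file fix discussed in this thread, here is an added example (not part of the original messages) that reads AVC denial lines, lists each distinct file for which httpd_t was denied execute while the file was still labelled lib_t, and prints the restorecon command suggested above for each one. The function names and the second and third sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input. Line 1 is the denial quoted in the thread, joined
# onto one line; line 2 is constructed to match the mysql.so follow-up; line 3
# is an unrelated constructed denial that must be ignored.
sample_log() {
cat <<'EOF'
audit(1106189173.206:0): avc:  denied  { execute } for  pid=3999 path=/usr/lib/20041030/ldap.so dev=dm-0 ino=3129353 scontext=user_u:system_r:httpd_t tcontext=root:object_r:lib_t tclass=file
audit(1106189173.300:0): avc:  denied  { execute } for  pid=3999 path=/usr/lib/20041030/mysql.so dev=dm-0 ino=3129354 scontext=user_u:system_r:httpd_t tcontext=root:object_r:lib_t tclass=file
audit(1106189173.400:0): avc:  denied  { read } for  pid=4001 path=/tmp/example.txt dev=dm-0 ino=11 scontext=user_u:system_r:httpd_t tcontext=root:object_r:tmp_t tclass=file
EOF
}

# Print each distinct path where httpd_t was denied "execute" on a regular
# file still labelled lib_t (the mislabelled-module case from the thread).
mislabeled_modules() {
    awk '
    /avc:/ && /denied/ {
        # The permission set is the text between the braces, e.g. " execute ".
        perms = $0
        sub(/^[^{]*[{]/, "", perms)
        sub(/[}].*$/, "", perms)
        if (index(" " perms " ", " execute ") == 0) next
        path = src = tgt = cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^path=/)          path = substr($i, 6)
            else if ($i ~ /^scontext=/) src  = substr($i, 10)
            else if ($i ~ /^tcontext=/) tgt  = substr($i, 10)
            else if ($i ~ /^tclass=/)   cls  = substr($i, 8)
        }
        if (src ~ /:httpd_t$/ && tgt ~ /:lib_t$/ && cls == "file" &&
            path != "" && !seen[path]++)
            print path
    }'
}

# Dry run: print the relabel command for each path instead of executing it.
fix_commands() {
    mislabeled_modules | sed 's/^/restorecon -v /'
}

sample_log | fix_commands
```

On a live system the same functions can read the real log, for example `fix_commands < /var/log/messages`, so the printed commands can be reviewed before they are run as root.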



