php and oci8 issues

Pad Hosmane phosmane at ntis.gov
Wed Apr 2 20:55:58 UTC 2008 

Hi, 
  I am compiling php 5.2.5 with OCI8 on centOS 5. I have installed the
following from oracle 

oracle-instantclient-basic-10.2.0.3-1 
oracle-instantclient-sqlplus-10.2.0.3-1 
oracle-instantclient-devel-10.2.0.3-1 

These were the compile used while configure php 

'./configure' '--prefix=/usr/local/php-5.2.5'
'--cache-file=../config.cache' '--with-libdir=lib'
'--with-config-file-path=/usr/local/php-5.2.5/etc'
'--with-config-file-scan-dir=/usr/local/php-5.2.5/etc/php.d'
'--disable-debug' '--with-pic' '--disable-rpath' '--with-pear'
'--with-bz2' '--with-curl' '--with-exec-dir=/usr/bin'
'--with-freetype-dir=/usr' '--with-png-dir=/usr'
'--enable-gd-native-ttf' '--with-gettext' '--with-gmp' '--with-iconv'
'--with-jpeg-dir=/usr' '--with-openssl' '--with-pspell'
'--with-pcre-regex' '--with-zlib' '--with-layout=GNU' '--enable-exif'
'--enable-ftp' '--enable-magic-quotes' '--enable-sockets'
'--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--enable-wddx'
'--with-kerberos' '--enable-ucd-snmp-hack' '--with-snmp=shared,/usr'
'--with-unixODBC=shared,/usr' '--enable-shmop' '--enable-calendar'
'--with-mime-magic=/etc/httpd/conf/magic' '--without-sqlite'
'--with-libxml-dir=/usr' '--enable-dom=shared' '--with-pgsql=shared'
'--disable-dba' '--disable-xmlreader' '--disable-xmlwriter'
'--without-gdbm' '--with-gd=shared' '--with-imap=shared'
'--with-imap-ssl' '--with-mysql=shared,/usr'
'--with-mysqli=shared,/usr/bin/mysql_config' '--enable-mbstring=shared'
'--enable-mbregex'  '--with-libmbfl'
'--with-pdo-mysql=shared,/usr/bin/mysql_config' '--enable-pdo=shared'
'--with-pdo-odbc=shared,unixODBC,/usr'  '--with-xmlrpc=shared'
'--with-ncurses=shared' '--with-ldap=shared'
'--with-pdo-pgsql=shared,/usr' '--without-pdo-sqlite' '--with-db4=/usr'
'--enable-force-cgi-redirect' '--enable-pcntl' '--with-xsl=shared,/usr'
'--enable-xmlreader=shared' '--enable-xmlwriter=shared'
'--enable-fastcgi'  '--enable-cgi' '--with-apxs2=/usr/sbin/apxs'
'--with-oci8=shared,instantclient,/usr/lib/oracle/10.2.0.3/client/lib'
'--enable-sigchild' 

Compile and install was successful. Apache was not working and these are
the sealert messages, i am putting here only summary, raw audit message
and suggestions, which i followed in the same order below to make Apache
work 


1. Summary 
    SELinux is preventing /usr/local/php-5.2.5/bin/php from loading 
    /usr/lib/oracle/10.2.0.3/client/lib/libnnz10.so which requires text 
    relocation. 
    
    Raw Audit Messages             

avc: denied { execmod } for comm="php" dev=dm-0 egid=0 euid=0 
exe="/usr/local/php-5.2.5/bin/php" exit=-13 fsgid=0 fsuid=0 gid=0
items=0 
path="/usr/lib/oracle/10.2.0.3/client/lib/libnnz10.so" pid=27356 
scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0 
subj=root:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=file 
tcontext=system_u:object_r:lib_t:s0 tty=pts1 uid=0 

    chcon -t textrel_shlib_t /usr/lib/oracle/10.2.0.3/client/lib/*.so 


2.  SELinux is preventing /usr/sbin/httpd (httpd_t) "execstack" access
to 
    <Unknown> (httpd_t). 
    Raw Audit Messages             

avc: denied { execstack } for comm="httpd" egid=0 euid=0
exe="/usr/sbin/httpd" 
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=27907 
scontext=root:system_r:httpd_t:s0 sgid=0 subj=root:system_r:httpd_t:s0
suid=0 
tclass=process tcontext=root:system_r:httpd_t:s0 tty=(none) uid=0 

     setsebool -P httpd_disable_trans=1 

3. Summary 
    SELinux is preventing /usr/sbin/httpd from changing the access
protection of 
    memory on the heap. 
    Raw Audit Messages             

avc: denied { execheap } for comm="httpd" egid=0 euid=0
exe="/usr/sbin/httpd" 
exit=0 fsgid=0 fsuid=0 gid=0 items=0 pid=3913
scontext=root:system_r:initrc_t:s0 
sgid=0 subj=root:system_r:initrc_t:s0 suid=0 tclass=process 
tcontext=root:system_r:initrc_t:s0 tty=(none) uid=0 

     setsebool -P allow_execheap=1 



Has anybody compiled PHP 5 with Oracle client on Redhat or Centos 5 with
out any selinux issues? Is this the known issue or my procedures are
wrong. I have tried compiling couple of weeks back with Red Hat ent5 php
source rpms and got the same selinux errors. Any possible help to put
back allow_execheap=0  httpd_disable_trans=0. 

Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080402/6ce19392/attachment.htm>

More information about the fedora-selinux-list mailing list