php with oci8
Pad Hosmane
phosmane at ntis.gov
Sat Apr 5 14:49:36 UTC 2008
>
>
> Has anybody compiled PHP 5 with Oracle client on Redhat or Centos 5
with out
> any selinux issues? Is this the known issue or my procedures are
wrong. I
> have tried compiling couple of weeks back with Red Hat ent5 php source
rpms
> and got the same selinux errors. Any possible help to put back
> allow_execheap=0 httpd_disable_trans=0.
>
> Thanks.
>
>
>
Seems the oracle php applications is doing some bad things with memory.
It is basically attempting to make it both writeable and executable at
the same time. This can cause potential problems as described in
http://people.redhat.com/~drepper/selinux-mem.html
and
http://danwalsh.livejournal.com/16975.html
You should probably report this as a bug to oracle, and you can
customize your policy to allow this access using audit2allow
# grep http /var/log/audit/audit.log | audit2allow -M myhttp
# semodule -i myhttp.pp
This should allow you to run these oracle apps with SELinux in enforcing
mode.
Hi Dan,
Thank you for the reply. I found this on Oracle website
------------------------------------------------------------------------
----
5.2 Error While Loading Shared Library When SELinux is Enforcing on
Oracle Enterprise Linux 5.0 and Red Hat Enterprise Linux 5.0
SQL*Plus and Oracle Call Interface (OCI) program calls fail with SELinux
in the Enforcing mode on Oracle Enterprise Linux 5.0 and Red Hat
Enterprise Linux 5.0. Refer to the OracleMetaLink note 454196.1 for more
details about the issue.
Workaround: Shift SELinux to Permissive mode on the system.
This issue is tracked with Oracle bugs 6140224 and 6342166.
------------------------------------------------------------------------
----
The above comment can be found at:
http://download.oracle.com/docs/cd/B28359_01/relnotes.111/b32001/toc.htm
#CJAFABGC
I don't have Oracle Meta link access to get more details.
Thanks,
PH
More information about the fedora-selinux-list
mailing list