php apache SELinux problem

Miskell, Craig Craig.Miskell at agresearch.co.nz
Wed Feb 21 19:26:10 UTC 2007 

I don't know what's wrong off the top of my head, but check:
/var/log/messages 

It'll have an entry detailing exactly what context failed to do what to
what other context.  Then you can either tweak the contexts (check the
entire path e.g. /home and /home/httpd), or use "audit2allow -l -i
/var/log/messages" to get some (possibly over-broad) policy statement
which you can add to your policy

Craig Miskell

> -----Original Message-----
> From: redhat-list-bounces at redhat.com 
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Bill Tangren
> Sent: Thursday, 22 February 2007 5:07 a.m.
> To: redhat-list at redhat.com
> Subject: php apache SELinux problem
> 
> I have a web page that calls a file, default.php. The web 
> page works fine on a 
> server with SELinux turned off, but not on one with enforcing 
> turned on. The 
> errors in the logs are like this:
> 
> [client 10.x.x.x] PHP Warning:  main(php/defaults.php): 
> failed to open stream: 
> Permission denied in /home/httpd/index.php on line 3
> [client 10.x.x.x] PHP Warning:  main(): Failed opening 
> 'php/defaults.php' for 
> inclusion (include_path='.:/usr/share/pear') in 
> /home/httpd/index.php on line 3
> 
> The permissions on the files are:
> 
> -rw-rw-r--  1 apache apache  8299 Feb 21 10:19 php/defaults.php
> -rw-rw-r--  1 apache apache 4617 Feb 21 10:31 index.php
> 
> The SELinux settings are:
> 
> -rw-rw-r--  apache   apache   
> system_u:object_r:httpd_sys_content_t php/defaults.php
> -rw-rw-r--  apache   apache   
> system_u:object_r:httpd_sys_content_t index.php
> 
> The first three lines of index.php looks like this:
> 
> <?php
>    $relative_path_to_php = "php/"; //*relative* path from 
> *this* page to php 
> directory
>    include($relative_path_to_php."defaults.php");
> 
> 
> Any thoughts on why I'm having this problem?
> 
> Bill
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
=======================================================================
Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipients is prohibited by AgResearch
Limited. If you have received this message in error, please notify the
sender immediately.
=======================================================================

More information about the redhat-list mailing list