Apache/PHP module boot restriction?

Robert L Cochran cochranb at speakeasy.net
Mon Jun 26 04:15:29 UTC 2006


Joe Orton wrote:

>On Thu, Feb 23, 2006 at 08:22:57AM -0500, Stephen Smalley wrote:
>
>>On Wed, 2006-02-22 at 16:41 -0800, Andrew JH Ring wrote:
>>
>>>I've recently set up a Fedora Core 4 web server running Apache 2.2.0
>>>with PHP 5.1.2.  I've managed to get Apache loading the module, after
>>>setting libphp5.so to shlib_t, however Apache seems to still be unable
>>>to access the module during boot.  I'm getting a Cannot load libphp5
>>>cannot restore segment prot after reloc.  Is this a known problem, and
>>>if so, how is it fixed?
>>
>>cc'd fedora-selinux-list as well above, since you mentioned you were
>>using FC4.
>>
>>This usually indicates a text relocation, which is undesirable if it can
>>be avoided.  The stock FC4 php doesn't appear to have any text
>>relocations in its libphp (readelf -d libphp5.so.1 | grep TEXTREL).
>>Possibly it has a patch to avoid the problem.
>
>You have to pass --with-pic to configure; upstream default builds 
>non-PIC code into the DSO by default ("it's a feature!").
>
>joe

I'm having this same problem with a snapshot of php 5.2.2 and apache 2.2 
under Fedora Core 5. I'm building PHP from the snapshot source at 
snaps.php.net. I'll check my PHP configure script (it's on a different 
machine) but I think it is passing --enable-pic to configure. Is this 
the same thing? Or does the option need to be --with-pic?

I'm getting a file label of:

system_u:object_r:textrel_shlib_t

in the compiled libphp5.so.

Thanks

Bob Cochran
Greenbelt, Maryland, USA
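
The text-relocation check quoted above (readelf -d libphp5.so.1 | grep TEXTREL), written out as an added example that is not part of the original thread: it walks the ELF dynamic table and reports a DT_TEXTREL entry or the DF_TEXTREL bit in DT_FLAGS, either of which readelf prints as TEXTREL. The function names and the constructed sample image are assumptions made for illustration.

```python
import struct

PT_DYNAMIC, DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 2, 0, 22, 30, 0x4

def has_textrel(elf: bytes) -> bool:
    """True if the dynamic section declares text relocations (readelf -d shows TEXTREL)."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = elf[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if elf[5] == 1 else ">"        # EI_DATA: 1 = little-endian, 2 = big-endian
    word = end + ("Q" if is64 else "I")      # address/offset-sized field
    dyn_fmt = end + ("qQ" if is64 else "iI") # Elf_Dyn: signed d_tag, unsigned d_val
    step = struct.calcsize(dyn_fmt)
    # e_phoff, e_phentsize and e_phnum sit at class-dependent offsets in the ELF header
    phoff, = struct.unpack_from(word, elf, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(end + "HH", elf, 54 if is64 else 42)
    for i in range(phnum):
        base = phoff + i * phentsize
        if struct.unpack_from(end + "I", elf, base)[0] != PT_DYNAMIC:
            continue
        off, = struct.unpack_from(word, elf, base + (8 if is64 else 4))     # p_offset
        size, = struct.unpack_from(word, elf, base + (32 if is64 else 16))  # p_filesz
        for pos in range(off, off + size - step + 1, step):
            tag, val = struct.unpack_from(dyn_fmt, elf, pos)
            if tag == DT_NULL:               # end of the dynamic table
                break
            if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                return True
    return False

def make_sample(dyn_entries):
    """Constructed test input: minimal ELF64 little-endian image with one PT_DYNAMIC segment."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in list(dyn_entries) + [(DT_NULL, 0)])
    ehdr = struct.pack("<4sBBBB8xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 0,
                       3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                    # path to a shared object given on the command line
        with open(sys.argv[1], "rb") as f:
            print("TEXTREL" if has_textrel(f.read()) else "no TEXTREL")
    else:
        print(has_textrel(make_sample([(DT_TEXTREL, 0)])))   # constructed: DSO with text relocations
        print(has_textrel(make_sample([(DT_FLAGS, 0x8)])))   # constructed: only DF_BIND_NOW set
```
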



