selinux and apache modules linked against libs in non-standard places

Aleksandar Milivojevic amilivojevic at pbl.ca
Mon Jan 31 20:58:23 UTC 2005


I have a PHP module linked against a library in a non-standard place.  When 
starting the Apache web server, it loads the PHP module, which in turn 
attempts to load this library.  This is what I get in /var/log/messages 
each time I start Apache:

kernel: audit(1107201979.916:0): avc:  denied  { execute } for  pid=3248 
path=/opt/foobar/lib/libfoobar.so.1.0.0.1 dev=dm-1 ino=560573 
scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t tclass=file

I believe this is due to the fact that Apache is restricted in what 
files it can open using SELinux policies.  How can I allow Apache to use 
a library in a non-standard place (/opt/foobar/lib for example)?  
Preferably in a way that will not be overwritten when the system is 
updated (if possible, of course).

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
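
The denial quoted in the message above, decoded field by field, as an added example that is not part of the original post: it shows that the httpd_t domain was refused execute on a file labelled usr_t. The function names and the joined sample line are this example's own, and the handling of quoted values and a fourth (level) context field is an assumption that goes beyond the record shown.

```python
import re

# Constructed from the denial quoted in the post (its wrapped lines joined into one).
SAMPLE = (
    "kernel: audit(1107201979.916:0): avc:  denied  { execute } for  pid=3248 "
    "path=/opt/foobar/lib/libfoobar.so.1.0.0.1 dev=dm-1 ino=560573 "
    "scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t tclass=file"
)

AVC_RE = re.compile(
    r"audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+"
    r"(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)"
)

def split_context(ctx):
    """Split user:role:type[:level]; the level may itself contain colons."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError("not a security context: %r" % ctx)
    return dict(zip(("user", "role", "type", "level"), parts))

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # key=value pairs; values may be double-quoted in other audit output.
    fields = {k: v.strip('"') for k, v in
              re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("rest"))}
    for key in ("scontext", "tcontext", "tclass"):
        if key not in fields:
            raise ValueError("AVC record missing %s" % key)
    return {
        "result": m.group("result"),
        "perms": m.group("perms").split(),
        "source": split_context(fields["scontext"]),  # the process (domain)
        "target": split_context(fields["tcontext"]),  # the object it touched
        "tclass": fields["tclass"],
        "path": fields.get("path"),
        "pid": int(fields["pid"]) if "pid" in fields else None,
    }

def summarize(rec):
    """One line: which domain was refused which permission on which type."""
    return "%s: domain %s -> %s on type %s (class %s), path %s" % (
        rec["result"], rec["source"]["type"], ",".join(rec["perms"]),
        rec["target"]["type"], rec["tclass"], rec["path"])

if __name__ == "__main__":
    print(summarize(parse_avc(SAMPLE)))
```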
