Welcome to the Linux Foundation Forum!

SELinux

SELinux denied access to php_exec(). I have tried to allow it with

audit2allow -a -M httpd

and then

semodule -i httpd

but it doesn't work. audit2why shows many lines like

type=AVC msg=audit(1246431002.917:67): avc: denied { execute_no_trans } for pid=4621 comm="ldd" path="/usr/bin/mencoder" dev=hdb1 ino=24527774 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unconfined_execmem_exec_t:s0 tclass=file

Was caused by:

Missing or disabled TE allow rule.

Allow rules may exist but be disabled by boolean settings; check boolean settings.

You can see the necessary allow rules by running audit2allow with this audit message as input.

and

type=AVC msg=audit(1246408757.234:70): avc: denied { execute_no_trans } for pid=3203 comm="ldd" path="/lib64/ld-2.5.so" dev=hdb1 ino=6127890 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file

Was caused by:

Unknown - would be allowed by active policy

Possible mismatch between this policy and the one under which the audit message was generated.

Possible mismatch between current in-memory boolean settings vs. permanent ones.

The OS is CentOS 5.3. PHP safe_mode is Off.

How do I fix that?

Thanks in advance.

Comments

  • The problem is solved with:
    setsebool -P httpd_disable_trans on

    Thanks to Evolution from the IRC.
  • Thanks a bunch. I was having the same problem with SELinux for a few weeks and didn't know what to do. My sysadmin pretty much gave up on it. I spent hours on Google trying to find a solution but no help. I didn't know that I would get the fix in this forum and that it would be so easy! Thanks so much! :)
