Welcome to the Linux Foundation Forum!

SELinux

Options
Set_Killer
Set_Killer Posts: 31
in Fedora

Selinux denied access to php_exec(). I have tryed to allow it with

audit2allow -a -M httpd

and then

semodule -i httpd

but it doesn't work. audit2why shows many lines like

type=AVC msg=audit(1246431002.917:67): avc: denied { execute_no_trans } for pid=4621 comm="ldd" path="/usr/bin/mencoder" dev=hdb1 ino=24527774 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unconfined_execmem_exec_t:s0 tclass=file

Was caused by:

Missing or disabled TE allow rule.

Allow rules may exist but be disabled by boolean settings; check boolean settings.

You can see the necessary allow rules by running audit2allow with this audit message as input.

and

type=AVC msg=audit(1246408757.234:70): avc: denied { execute_no_trans } for pid=3203 comm="ldd" path="/lib64/ld-2.5.so" dev=hdb1 ino=6127890 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file

Was caused by:

Unknown - would be allowed by active policy

Possible mismatch between this policy and the one under which the audit message was generated.

Possible mismatch between current in-memory boolean settings vs. permanent ones.

the OS is CentOS 5.3. PHP safe_mode is Off.

howto fix that?

thanks in advance

Comments

  • Set_Killer
    Set_Killer Posts: 31
    Options
    The problem is solved with:
    setsebool -P httpd_disable_trans on

    thanks to Evolution from The IRC.
  • patricidy6r
    patricidy6r Posts: 1
    Options
    Thanks a bunch. I was having the same problem with SELinux for a few weeks and didn't know what to do. My sysadmin pretty much gave up on it. I spent hours on Google trying to find a solution but no help. I didn't know that I would get the fix in this forum and that it would be so easy! Thanks so much! :)

Categories

Upcoming Training