Linux.com

SELinux

Link to this post 01 Jul 09

SELinux denied access to php_exec(). I have tried to allow it with

audit2allow -a -M httpd

and then
semodule -i httpd

but it doesn't work. audit2why shows many lines like

type=AVC msg=audit(1246431002.917:67): avc: denied { execute_no_trans } for pid=4621 comm="ldd" path="/usr/bin/mencoder" dev=hdb1 ino=24527774 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unconfined_execmem_exec_t:s0 tclass=file
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean settings; check boolean settings.
You can see the necessary allow rules by running audit2allow with this audit message as input.

and

type=AVC msg=audit(1246408757.234:70): avc: denied { execute_no_trans } for pid=3203 comm="ldd" path="/lib64/ld-2.5.so" dev=hdb1 ino=6127890 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
Was caused by:
Unknown - would be allowed by active policy
Possible mismatch between this policy and the one under which the audit message was generated.
Possible mismatch between current in-memory boolean settings vs. permanent ones.

The OS is CentOS 5.3. PHP safe_mode is Off.
How to fix that?

Thanks in advance

Link to this post 03 Jul 09

The problem is solved with:

setsebool -P httpd_disable_trans on

Thanks to Evolution from the IRC.

Link to this post 12 Oct 09

Thanks a bunch. I was having the same problem with SELinux for a few weeks and didn't know what to do. My sysadmin pretty much gave up on it. I spent hours on Google trying to find a solution but no help. I didn't know that I would get the fix in this forum and that it would be so easy! Thanks so much! :)
