July 1, 2009

SELinux

Forums: 

Selinux denied access to php_exec(). I have tryed to allow it with

audit2allow -a -M httpd
and then
semodule -i httpd

but it doesn't work. audit2why shows many lines like

type=AVC msg=audit(1246431002.917:67): avc: denied { execute_no_trans } for pid=4621 comm="ldd" path="/usr/bin/mencoder" dev=hdb1 ino=24527774 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unconfined_execmem_exec_t:s0 tclass=file
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean settings; check boolean settings.
You can see the necessary allow rules by running audit2allow with this audit message as input.

and

type=AVC msg=audit(1246408757.234:70): avc: denied { execute_no_trans } for pid=3203 comm="ldd" path="/lib64/ld-2.5.so" dev=hdb1 ino=6127890 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
Was caused by:
Unknown - would be allowed by active policy
Possible mismatch between this policy and the one under which the audit message was generated.
Possible mismatch between current in-memory boolean settings vs. permanent ones.

the OS is CentOS 5.3. PHP safe_mode is Off.
howto fix that?

thanks in advance

Click Here!