A message for Linux.com registered users: We are in the process of making changes to the Linux forums. Starting Monday, 8/13/18 at 6:00 PM PT, you will be unable to access the forums. They will re-launch as soon as possible on Wednesday, 8/15/18 with new features and improved functionality. Thank you for your patience and stay tuned for the new improved forums.

July 1, 2009



Selinux denied access to php_exec(). I have tryed to allow it with

audit2allow -a -M httpd
and then
semodule -i httpd

but it doesn't work. audit2why shows many lines like

type=AVC msg=audit(1246431002.917:67): avc: denied { execute_no_trans } for pid=4621 comm="ldd" path="/usr/bin/mencoder" dev=hdb1 ino=24527774 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unconfined_execmem_exec_t:s0 tclass=file
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean settings; check boolean settings.
You can see the necessary allow rules by running audit2allow with this audit message as input.


type=AVC msg=audit(1246408757.234:70): avc: denied { execute_no_trans } for pid=3203 comm="ldd" path="/lib64/ld-2.5.so" dev=hdb1 ino=6127890 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
Was caused by:
Unknown - would be allowed by active policy
Possible mismatch between this policy and the one under which the audit message was generated.
Possible mismatch between current in-memory boolean settings vs. permanent ones.

the OS is CentOS 5.3. PHP safe_mode is Off.
howto fix that?

thanks in advance

Click Here!