selinux and apache modules linked against libs in non-standard places

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have PHP module linked against library in non-standard place. When starting Apache web server, it loads PHP module, which in turn attempts to load this library. This is what I get in /var/log/messages each time I start Apache:

kernel: audit(1107201979.916:0): avc: denied { execute } for pid=3248 path=/opt/foobar/lib/libfoobar.so.1.0.0.1 dev=dm-1 ino=560573 scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t tclass=file

I believe this is due to the fact that Apache is restricted in what files it can open using SELinux policies. How to allow Apache to use an library in non-standard place (/opt/foobar/lib for example)? Preferably in a way that will not be overwritten when system is updated (if possible, of course).

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux