Aleksandar Milivojevic wrote:
I have PHP module linked against library in non-standard place. When starting Apache web server, it loads PHP module, which in turn attempts to load this library. This is what I get in /var/log/messages each time I start Apache:
kernel: audit(1107201979.916:0): avc: denied { execute } for pid=3248 path=/opt/foobar/lib/libfoobar.so.1.0.0.1 dev=dm-1 ino=560573 scontext=root:system_r:httpd_t tcontext=system_u:object_r:usr_t tclass=file
I believe this is due to the fact that Apache is restricted in what files it can open using SELinux policies. How to allow Apache to use an library in non-standard place (/opt/foobar/lib for example)? Preferably in a way that will not be overwritten when system is updated (if possible, of course).
Does restorecon -R -v /opt
Fix the problem?
Dan
