FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 04-02-2008, 08:55 PM
"Pad Hosmane"
 
Default php and oci8 issues

Title: php and oci8 issues






Hi,

* I am compiling php 5.2.5 with OCI8 on centOS 5. I have installed the following from oracle



oracle-instantclient-basic-10.2.0.3-1

oracle-instantclient-sqlplus-10.2.0.3-1

oracle-instantclient-devel-10.2.0.3-1



These were the compile used while configure php



'./configure' '--prefix=/usr/local/php-5.2.5' '--cache-file=../config.cache' '--with-libdir=lib' '--with-config-file-path=/usr/local/php-5.2.5/etc' '--with-config-file-scan-dir=/usr/local/php-5.2.5/etc/php.d' '--disable-debug' '--with-pic' '--disable-rpath' '--with-pear' '--with-bz2' '--with-curl' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--enable-gd-native-ttf' '--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-pspell' '--with-pcre-regex' '--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--enable-wddx' '--with-kerberos' '--enable-ucd-snmp-hack' '--with-snmp=shared,/usr' '--with-unixODBC=shared,/usr' '--enable-shmop' '--enable-calendar' '--with-mime-magic=/etc/httpd/conf/magic' '--without-sqlite' '--with-libxml-dir=/usr' '--enable-dom=shared' '--with-pgsql=shared' *'--disable-dba' '--disable-xmlreader' '--disable-xmlwriter' '--without-gdbm' '--with-gd=shared' '--with-imap=shared' '--with-imap-ssl' '--with-mysql=shared,/usr' '--with-mysqli=shared,/usr/bin/mysql_config' '--enable-mbstring=shared' '--enable-mbregex' *'--with-libmbfl' '--with-pdo-mysql=shared,/usr/bin/mysql_config' '--enable-pdo=shared' *'--with-pdo-odbc=shared,unixODBC,/usr' *'--with-xmlrpc=shared' '--with-ncurses=shared' '--with-ldap=shared' *'--with-pdo-pgsql=shared,/usr' '--without-pdo-sqlite' '--with-db4=/usr' '--enable-force-cgi-redirect' '--enable-pcntl' '--with-xsl=shared,/usr' '--enable-xmlreader=shared' '--enable-xmlwriter=shared' '--enable-fastcgi' *'--enable-cgi' '--with-apxs2=/usr/sbin/apxs' '--with-oci8=shared,instantclient,/usr/lib/oracle/10.2.0.3/client/lib' '--enable-sigchild'



Compile and install was successful. Apache was not working and these are the sealert messages, i am putting here only summary, raw audit message and suggestions, which i followed in the same order below to make Apache work





1. Summary

* * SELinux is preventing /usr/local/php-5.2.5/bin/php from loading

* * /usr/lib/oracle/10.2.0.3/client/lib/libnnz10.so which requires text

* * relocation.

* *

* * Raw Audit Messages * * * * * *



avc: denied { execmod } for comm="php" dev=dm-0 egid=0 euid=0

exe="/usr/local/php-5.2.5/bin/php" exit=-13 fsgid=0 fsuid=0 gid=0 items=0

path="/usr/lib/oracle/10.2.0.3/client/lib/libnnz10.so" pid=27356

scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0

subj=root:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=file

tcontext=system_ubject_r:lib_t:s0 tty=pts1 uid=0



* * chcon -t textrel_shlib_t /usr/lib/oracle/10.2.0.3/client/lib/*.so





2. *SELinux is preventing /usr/sbin/httpd (httpd_t) "execstack" access to

* * <Unknown> (httpd_t).

* * Raw Audit Messages * * * * * *



avc: denied { execstack } for comm="httpd" egid=0 euid=0 exe="/usr/sbin/httpd"

exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=27907

scontext=root:system_r:httpd_t:s0 sgid=0 subj=root:system_r:httpd_t:s0 suid=0

tclass=process tcontext=root:system_r:httpd_t:s0 tty=(none) uid=0



* * *setsebool -P httpd_disable_trans=1



3. Summary

* * SELinux is preventing /usr/sbin/httpd from changing the access protection of

* * memory on the heap.

* * Raw Audit Messages * * * * * *



avc: denied { execheap } for comm="httpd" egid=0 euid=0 exe="/usr/sbin/httpd"

exit=0 fsgid=0 fsuid=0 gid=0 items=0 pid=3913 scontext=root:system_r:initrc_t:s0

sgid=0 subj=root:system_r:initrc_t:s0 suid=0 tclass=process

tcontext=root:system_r:initrc_t:s0 tty=(none) uid=0



* * *setsebool -P allow_execheap=1







Has anybody compiled PHP 5 with Oracle client on Redhat or Centos 5 with out any selinux issues? Is this the known issue or my procedures are wrong. I have tried compiling couple of weeks back with Red Hat ent5 php source rpms and got the same selinux errors. Any possible help to put back allow_execheap=0 *httpd_disable_trans=0.



Thanks.



--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 04:16 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org