Hello Dan,
yes, I do see the same error messages as before:
type=AVC msg=audit(1139247428.906:1665): avc: denied { execstack } for
pid=32571 comm="httpd" scontext=root:system_r:httpd_t tcontext=ro
ot:system_r:httpd_t tclass=process
type=SYSCALL msg=audit(1139247428.906:1665): arch=40000003 syscall=125
success=no exit=-13 a0=bff51000 a1=1000 a2=1000007 a3=3c9000 items=0
pid=32571 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="httpd" exe="/usr/sbin/httpd"
Do I need to reboot the server after executing execstack -c ?
Greetings,
Daniel
> Daniel Paul wrote:
> > Hello again,
> >
> > execstack -c /usr/lib/modules/interbase.so does not solve the problem,
> > execstack -s and -c show the same behaviour (same error message, see
> > below).
> >
> > Maybe some more information:
> > ls -Z for interbase shows:
> > -rwxr-xr-x root root system_u:object_r:lib_t interbase.so
> >
> > BTW: /usr/lib/httpd/libphp5.so has the same context data:
> > -rwxr-xr-x root root system_u:object_r:lib_t libphp5.so
> >
> > (shouldn't it be -> t=httpd_modules_t ?)
> >
> > Tell me if you need more input to solve the problem...
> >
> > Daniel
> >
> >> Daniel Paul wrote:
> >>> Hello there,
> >>>
> >>> because I need interbase (firebird) support in php, I recompiled the
> >>> actual php-5.0.4-10.5 package with interbase support
> >>> (--with-interbase=shared). When I start httpd there is the following
> >>> message in error_log:
> >>>
> >>> PHP Warning: PHP Startup: Unable to load dynamic library
> >>> '/usr/lib/php/modules/interbase.so' - object requires: cannot enable
> >>> executable stack as shared object requires: Permission denied in
> >>> Unknown on line 0
> >>
> >> try
> >>
> >> execstack -c /usr/lib/php/modules/interbase.so
> >>
> >> execstack is a security problem
> >>
> >> http://people.redhat.com/drepper/selinux-mem.html
> >>
> >>> phpinfo() shows that php has read the interbase.ini file which contains
> >>> a reference to the interbase.so module, but interbase support is
> >>> disabled (nothing shows up regarding interbase). With selinux set to
> >>> permissive mode (instead of enforcing), there is no such message and
> >>> phpinfo() shows me, that interbase support is enabled.
> >>>
> >>> audit.log shows the following:
> >>>
> >>> type=AVC msg=audit(1138630853.033:10): avc: denied { execstack } for
> >>> pid=1886 comm="httpd" scontext=root:system_r:httpd_t
> >>> tcontext=root:system_r:httpd_t tclass=process
> >>> type=SYSCALL msg=audit(1138630853.033:10): arch=40000003 syscall=125
> >>> success=no exit=-13 a0=bf8a3000 a1=1000 a2=1000007 a3=d5a000 items=0
> >>> pid=1886 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> >>> comm="httpd" exe="/usr/sbin/httpd"
> >>>
> >>> Any help would be truly appreciated.
>
> After you execute
>
> execstack -c /usr/lib/modules/interbase.so
>
> Are you still seeing avc messages?
>
> Dan
>
> >>> Thanks in advance,
> >>>
> >>> Daniel
> >>>
> >>> --
> >>> fedora-selinux-list mailing list
> >>> fedora-selinux-list@xxxxxxxxxx
> >>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
