On Thu, Mar 11, 2010 at 8:46 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
It's funny that you mention pecl in this context, since pecl itself has the same behavior that the original poster mentioned with regard to SELinux, at least on RHEL 5. When you install a module using pecl, it compiles it in a temporary directory and them moves it into place in the PHP library directory. The resulting module has the SELinux label from the temporary directory, user_u:object_r:tmp_t, not the system_u:object_r:textrel_shlib_t label that the other PHP modules in the /usr/lib64/php/modules directory have. Issuing a quick 'restorecon' command versus the resulting php module file adjusted its context so that httpd could read it.http://pecl.php.net/package/selinux
--
Richard Bullington-McGuire | Director of Technology | Three Pillar Global
mobile: 571.236.0938 | fax: 703-564-5595 | PGP key ID: 0xDAC3028E
richard.bullington-mcguire@xxxxxxxxxxxxxxxxxxxxx | www.threepillarglobal.com
