bill1282
SELinux, ioncube and local.te
I am using these instructions to get ioncube to work on a dedicated server running Web server Apache/2.2.3 (CentOS). Install Ioncube Loader while SELinux Enabled http://www.cuteshift.com/57/install-ioncube-loader-while-selinux-enabled/
I have already added the files and the entry to the /etc/php.ini file and used the Loader Wizard to try to install
Where do I add the local.te file?
Thank you,
Bill
ASKER
This is what I got after running the command
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i htttprls.pp
semodule: Could not read file 'httprls.pp': No such file or directory
When semodule -i htttprls.pp is run I get this for all accounts on the server:
homedir /var/www/vhosts/website.com or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.
ASKER
This is what I get when I run audit2allow -l -a -r
require {
type httpd_t;
class process execmem;
}
#============= httpd_t ==============
allow httpd_t self:process execmem;
ASKER
Still getting errors:
homedir /var/www/vhosts/mydomain.com or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.
output of audit2allow -l -a -r
require {
type httpd_t;
type httpd_sys_content_t;
class file execmod;
}
#============= httpd_t ==============
allow httpd_t httpd_sys_content_t:file execmod;
ASKER
Cancel that, I ran it again and it worked. Thank you very much!
You're welcome
You won't add it anywhere. Once you've run the commands the document says, you should be creating a policy and inserting it. However, it is not a good document.
First of all, you should find SELinux errors with a command such as:
ausearch -m AVC --comm httpd | audit2allow -M htttprls && semodule -i htttprls.pp
The first command, ausearch, finds policy denials with the AVC module and filters only the http errors;
audit2allow will create a new module called htttprls, and finally the third command will insert the generated rule.
This should be it.
Cheers,
K.
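Added example, not part of any post in this thread: a shell helper that summarises AVC denials before they are turned into allow rules, flagging the memory-protection permissions seen above (execmem, execmod), and that builds and loads the module from a single name so the file passed to semodule -i cannot differ from the one audit2allow -M wrote (the mismatch behind the "Could not read file" error quoted earlier). The function names, the sample audit records and the placeholder paths are constructed for illustration, and the Apache process name is assumed to be httpd.

```shell
#!/bin/sh
# Constructed sample audit records (not from the asker's server); paths are placeholders.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1300000000.101:41): avc:  denied  { execmem } for  pid=2001 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process
type=AVC msg=audit(1300000002.202:42): avc:  denied  { execmem } for  pid=2002 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process
type=AVC msg=audit(1300000003.303:43): avc:  denied  { execmod } for  pid=2002 comm="httpd" path="/path/to/ioncube_loader.so" dev=sda1 ino=1111 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1300000004.404:44): avc:  denied  { getattr } for  pid=2003 comm="httpd" path="/path/to/page.php" dev=sda1 ino=2222 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
EOF
}

# Read AVC records on stdin and print one line per unique denial:
#   <flag> <source type> -> <target type>:<class> { <perms> }
# flag is REVIEW when the denial involves a memory-protection permission
# (execmem, execmod, execstack, execheap); allowing these lets the domain
# run code from writable or modified memory, so they deserve a second look
# before being granted to httpd_t for the whole server.
avc_review() {
    sed -n 's/.*denied  *{ \([^}]*\) }.* scontext=[^:]*:[^:]*:\([^: ]*\).* tcontext=[^:]*:[^:]*:\([^: ]*\).* tclass=\([a-z_0-9]*\).*/\2 \3 \4 \1/p' |
    sort -u |
    while read -r src tgt class perms; do
        flag=ok
        for p in $perms; do
            case $p in
                execmem|execmod|execstack|execheap) flag=REVIEW ;;
            esac
        done
        printf '%s %s -> %s:%s { %s }\n' "$flag" "$src" "$tgt" "$class" "$perms"
    done
}

# Hypothetical wrapper around the commands from the answer: the module name is
# given once, so "$name.pp" is always the file audit2allow just produced.
# Needs root and the audit/policycoreutils tools; defined here, not called.
build_and_load() {
    name=$1
    ausearch -m AVC --comm httpd | audit2allow -M "$name" && semodule -i "$name.pp"
}

# On a real server: ausearch -m AVC --comm httpd | avc_review
sample_avc | avc_review
```
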