[ale] CEntOS 5.6 + PHP53 + Drupal6 + Selinux

David Tomaschik david at systemoverlord.com
Wed Jul 27 22:12:26 EDT 2011


On Wed, Jul 27, 2011 at 9:58 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
> = a long arduous pile of pain setting up a gazillion selinux allowances.
>
> dump audit log, restart httpd, test, get failure and generate possible
> solution with audit2allow -R
> edit local-drupal_sux_selinux_hard.te and merge in new policy changes, make,
> make load
> repeat while noting with terror of all the things this environment is
> touching.
>
<snip>
>
> The file it's hitting (fcgi-bin/php5.fcgi) should NOT be set to home_root_t
> but should be set to httpd_sys_script_exec_t but for unknown reasons, chcon
> is blocked for changing the file context on that FCGIWrapper  in the virtual
> hosts fcgi-bin dir. Even facls is correct. mod_fcgid sets a binary elsewhere
> but the simple fcgi file is copied from ??? or generated by virtualmin
> (ARGH!) It works fine but the busted context and blocked change has me
> stumped.
>
> So the other alternative is to use the drupal rpm from EPEL with the hope
> they have the selinux contexts included, scavenge those from the
> post-install script section and also hope it works happy with virtualmin as
> that is a huge pile of perl I really don't want to start poking around in.
>
> it's time for a beer (or three).
>
> --
> --
> James P. Kinney III
>


Jim,

Just curious, but is this any different from any other PHP app on
CentOS?  Just wondering if you've discovered anything Drupal-specific.

David

-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com



More information about the Ale mailing list