SELinux Contexts
- by Josh
I am configuring Apache\PHP and noticed Apache complaining about permissions with the php shared object.
Starting httpd: httpd: Syntax error on line 206 of /etc/httpd/conf/httpd.conf: Cannot load /usr/lib/httpd/modules/libphp5.so into server: /usr/lib/httpd/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied
I looked at the context (started fine with enforcement off) and found:
[root@HDSSERVER conf]# ls --lcontext /usr/lib/httpd/modules/libphp5.so
-rwxr-xr-x 1 root:object_r:httpd_modules_t root root 15565418 May 10 08:39 /usr/lib/httpd/modules/libphp5.so
Shouldn't httpd (apache) be able to access files with a context of httpd_modules_t? I got it fixed by applying
chcon -t textrel_shlib_t '/usr/lib/httpd/modules/libphp5.so'
But I would think the httpd version would work before this one. Can someone explain this to me?