Problem with interbase (firebird-1.5) on FC4 box, httpd-2.0.54, php-interbase-5.0.4-10.5
Hello there,
because I need interbase (firebird) support in php, I recompiled the actual php-5.0.4-10.5 package with interbase support (--with-interbase=shared). When I start httpd there is the following message in error_log:
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/interbase.so' - object requires: cannot enable executable stack as shared object requires: Permission denied in Unknown on line 0
phpinfo() shows that php has read the interbase.ini file which contains a reference to the interbase.so module, but interbase support is disabled (nothing shows up regarding interbase). With selinux set to permissive mode (instead of enforcing), there is no such message and phpinfo() shows me, that interbase support is enabled.
audit.log shows the following:
type=AVC msg=audit(1138630853.033:10): avc: denied { execstack } for pid=1886 comm="httpd" scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=process type=SYSCALL msg=audit(1138630853.033:10): arch=40000003 syscall=125 success=no exit=-13 a0=bf8a3000 a1=1000 a2=1000007 a3=d5a000 items=0 pid=1886 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="httpd" exe="/usr/sbin/httpd"
Any help would be truly appreciated.
Thanks in advance,
Daniel
Daniel Paul wrote:
Hello there,
because I need interbase (firebird) support in php, I recompiled the actual php-5.0.4-10.5 package with interbase support (--with-interbase=shared). When I start httpd there is the following message in error_log:
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/interbase.so' - object requires: cannot enable executable stack as shared object requires: Permission denied in Unknown on line 0
try
execstack -c /usr/lib/php/modules/interbase.so
execstack is a security problem
http://people.redhat.com/drepper/selinux-mem.html
phpinfo() shows that php has read the interbase.ini file which contains a reference to the interbase.so module, but interbase support is disabled (nothing shows up regarding interbase). With selinux set to permissive mode (instead of enforcing), there is no such message and phpinfo() shows me, that interbase support is enabled.
audit.log shows the following:
type=AVC msg=audit(1138630853.033:10): avc: denied { execstack } for pid=1886 comm="httpd" scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=process type=SYSCALL msg=audit(1138630853.033:10): arch=40000003 syscall=125 success=no exit=-13 a0=bf8a3000 a1=1000 a2=1000007 a3=d5a000 items=0 pid=1886 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="httpd" exe="/usr/sbin/httpd"
Any help would be truly appreciated.
Thanks in advance,
Daniel
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Hello again,
execstack -c /usr/lib/modules/interbase.so does not solve the problem, execstack -s and -c show the same behaviour (same error message, see below).
Maybe some more information: ls -Z for interbase shows: -rwxr-xr-x root root system_u:object_r:lib_t interbase.so
BTW: /usr/lib/httpd/libphp5.so has the same context data: -rwxr-xr-x root root system_u:object_r:lib_t libphp5.so
(shouldn't it be -> t=httpd_modules_t ?)
Tell me if you need more input to solve the problem...
Daniel
Daniel Paul wrote:
Hello there,
because I need interbase (firebird) support in php, I recompiled the actual php-5.0.4-10.5 package with interbase support (--with-interbase=shared). When I start httpd there is the following message in error_log:
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/interbase.so' - object requires: cannot enable executable stack as shared object requires: Permission denied in Unknown on line 0
try
execstack -c /usr/lib/php/modules/interbase.so
execstack is a security problem
http://people.redhat.com/drepper/selinux-mem.html
phpinfo() shows that php has read the interbase.ini file which contains a reference to the interbase.so module, but interbase support is disabled (nothing shows up regarding interbase). With selinux set to permissive mode (instead of enforcing), there is no such message and phpinfo() shows me, that interbase support is enabled.
audit.log shows the following:
type=AVC msg=audit(1138630853.033:10): avc: denied { execstack } for pid=1886 comm="httpd" scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=process type=SYSCALL msg=audit(1138630853.033:10): arch=40000003 syscall=125 success=no exit=-13 a0=bf8a3000 a1=1000 a2=1000007 a3=d5a000 items=0 pid=1886 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="httpd" exe="/usr/sbin/httpd"
Any help would be truly appreciated.
Thanks in advance,
Daniel
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Daniel Paul wrote:
Hello again,
execstack -c /usr/lib/modules/interbase.so does not solve the problem, execstack -s and -c show the same behaviour (same error message, see below).
Maybe some more information: ls -Z for interbase shows: -rwxr-xr-x root root system_u:object_r:lib_t interbase.so
BTW: /usr/lib/httpd/libphp5.so has the same context data: -rwxr-xr-x root root system_u:object_r:lib_t libphp5.so
(shouldn't it be -> t=httpd_modules_t ?)
Tell me if you need more input to solve the problem...
Daniel
Daniel Paul wrote:
Hello there,
because I need interbase (firebird) support in php, I recompiled the actual php-5.0.4-10.5 package with interbase support (--with-interbase=shared). When I start httpd there is the following message in error_log:
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/interbase.so' - object requires: cannot enable executable stack as shared object requires: Permission denied in Unknown on line 0
try
execstack -c /usr/lib/php/modules/interbase.so
execstack is a security problem
http://people.redhat.com/drepper/selinux-mem.html
phpinfo() shows that php has read the interbase.ini file which contains a reference to the interbase.so module, but interbase support is disabled (nothing shows up regarding interbase). With selinux set to permissive mode (instead of enforcing), there is no such message and phpinfo() shows me, that interbase support is enabled.
audit.log shows the following:
type=AVC msg=audit(1138630853.033:10): avc: denied { execstack } for pid=1886 comm="httpd" scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=process type=SYSCALL msg=audit(1138630853.033:10): arch=40000003 syscall=125 success=no exit=-13 a0=bf8a3000 a1=1000 a2=1000007 a3=d5a000 items=0 pid=1886 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="httpd" exe="/usr/sbin/httpd"
Any help would be truly appreciated.
After you execute
execstack -c /usr/lib/modules/interbase.so
Are you still seeing avc messages?
Dan
Thanks in advance,
Daniel
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Hello Dan,
yes, I do see the same error messages as before:
type=AVC msg=audit(1139247428.906:1665): avc: denied { execstack } for pid=32571 comm="httpd" scontext=root:system_r:httpd_t tcontext=ro ot:system_r:httpd_t tclass=process type=SYSCALL msg=audit(1139247428.906:1665): arch=40000003 syscall=125 success=no exit=-13 a0=bff51000 a1=1000 a2=1000007 a3=3c9000 items=0 pid=32571 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="httpd" exe="/usr/sbin/httpd"
Do I need to reboot the server after executing execstack -c ?
Greetings, Daniel
Daniel Paul wrote:
Hello again,
execstack -c /usr/lib/modules/interbase.so does not solve the problem, execstack -s and -c show the same behaviour (same error message, see below).
Maybe some more information: ls -Z for interbase shows: -rwxr-xr-x root root system_u:object_r:lib_t interbase.so
BTW: /usr/lib/httpd/libphp5.so has the same context data: -rwxr-xr-x root root system_u:object_r:lib_t libphp5.so
(shouldn't it be -> t=httpd_modules_t ?)
Tell me if you need more input to solve the problem...
Daniel
Daniel Paul wrote:
Hello there,
because I need interbase (firebird) support in php, I recompiled the actual php-5.0.4-10.5 package with interbase support (--with-interbase=shared). When I start httpd there is the following message in error_log:
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/interbase.so' - object requires: cannot enable executable stack as shared object requires: Permission denied in Unknown on line 0
try
execstack -c /usr/lib/php/modules/interbase.so
execstack is a security problem
http://people.redhat.com/drepper/selinux-mem.html
phpinfo() shows that php has read the interbase.ini file which contains a reference to the interbase.so module, but interbase support is disabled (nothing shows up regarding interbase). With selinux set to permissive mode (instead of enforcing), there is no such message and phpinfo() shows me, that interbase support is enabled.
audit.log shows the following:
type=AVC msg=audit(1138630853.033:10): avc: denied { execstack } for pid=1886 comm="httpd" scontext=root:system_r:httpd_t tcontext=root:system_r:httpd_t tclass=process type=SYSCALL msg=audit(1138630853.033:10): arch=40000003 syscall=125 success=no exit=-13 a0=bf8a3000 a1=1000 a2=1000007 a3=d5a000 items=0 pid=1886 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="httpd" exe="/usr/sbin/httpd"
Any help would be truly appreciated.
After you execute
execstack -c /usr/lib/modules/interbase.so
Are you still seeing avc messages?
Dan
Thanks in advance,
Daniel
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
selinux@lists.fedoraproject.org
-
Daniel J Walsh -
Daniel Paul