SELinux Apache and php/mapscript

Steven Bowden steveb at BUNDABERG.QLD.GOV.AU
Tue Jul 19 21:51:53 EDT 2005 

Hi Tim,

I had similar problems when I was trying to install mapserver on CentOS 4.
I have pretty much got it working but SELinux is still giving a few errors.

How I did it.
complied and installed all of the dependencies that I was going to use, ie 
gdal, geos, gd etc with a prefix=/usr/local/mapserver4

Then created a file /etc/ld.so.conf.d/mapserver.conf
and inserted the full path to the lib directory, ie
/usr/local/mapserver4/lib
Ran ldconfig

Compiled and installed php into /var/www/cgi-bin/mapserver4/php4311
Specified the extensions directory in php.ini to be
/var/www/cgi-bin/mapserver4/php4311/extensions
and copied the php_mapscript.so to there.

Then when I run phpinfo() it should show you the mapscript version and compile 
options.

It works but I am getting the following the /var/log/messages
Jul 20 21:30:42 localhost kernel: audit(1121859042.011:0): avc:  denied  
{ getattr } for  pid=21646 comm=php path=/var dev=dm-0 ino=4964353 
scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t 
tclass=dir
So I don't know if this relates running php as a cgi or when php loads the 
php_mapscript.so module.

Steve

On Wednesday 20 July 2005 11:18, Tim Norris wrote:
> Hi all,
>
> I am trying with little luck to get mapserver running under apache with
> php/mapscript (running as cgi) AND SELinux . . . (Fedora Core 4 i386) I
> know this is probably somwhat similar to running my head into a brick wall,
> but I have to try.
>
> does anyone have any ideas . . . ???
>
> php is working, mysql is working, I can even get the php_mapscript.so to
> partially load, but then when it looks for other shared objects
> (specificially libgdal and libproj) I run into the error 'cannot restore
> segment prot after reloc: Permission denied'
>
> further info about the SELinux types:
>
> php is set to httpd_sys_script_exec_t
> php_mapscript.so is set to httpd_sys_script_exec_t
> libgdal is sset to shlib_t
>
> the actual error I get is:
> Warning: dl()[function.dl]: Unable to load dynamic library
> '/usr/local/lib/php_mapscript.so' - /usr/local/lib/libgdal.so.1: cannot
> restore segment prot after reloc: Permission denied in
> /var/www/html/php_info.php on line 2
>
> any ideas would be great and I'll post something if I get it working  . . .
> :)
>
> thanks
> tim

More information about the mapserver-users mailing list