SELinux problem with Zend Optimizer on Fedora release 7
I apologize for initially posting this in the wrong forum. I'll start off by saying that I'm NOT a Linux guru by any stretch of the imagination.
That said, I set up a dedicated server running Fedora release 7. I wanted to use it as a web and mail server. I had set up Apache, MySQL, etc before using yum, and did the same here.
I also wanted to set it up as my own mail server. So, I followed the tutorial here:
Even though the tutorial is for version 8, it worked great for 7.
Anyway, I neglected to read the part about disabling SELinux before following it. I had done it before, but I forgot I didn't install SELinux when I installed the software. My web host did.
Here's my problem. Everything is working, but I cannot install the Zend Optimizer 3.3.0a on the server. It installs, but when I go to restart Apache, I get errors, and the page(s) won't load. Here was my initial error:
Mar 28 10:20:24 serverxxx setroubleshoot:
SELinux is preventing /usr/sbin/httpd from loading /usr/local/Zend/lib/Optimizer-3.3.0/php-5.2.x/ZendOptimizer.so which requires text relocation.
For complete SELinux messages. run sealert -l bc080e98-280b-45cd-9b53-aadcc039bbbe
I did that and restarted, and I get another error. So I ran the sealert it mentions and I get the following:
Allowing Access
You can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
So now I don't know what to do. I've never (obviously) dealt with SELinux much, so I've never created a policy.
ANY guidance in this situation would be extremely helpful.
The first part would be to learn from your mistake (like not reading docs) and actually go read docs referenced in messages before doing stuff. Yes it's tedious, yes it's annoying your head gets filled with everything you never wanted to ask about stuff you don't want to know but hey, that's the price you pay for not going for the Point-and-click-installer.exe OS (abbrev.: POS).
SELinux is, as it says, a protection system for your server, a rather complex bit of software that exists for both RHEL (the subscription based version of Fedora), Fedora's just a free version of RHEL, whereas Fedora was originally Red Hat but then they deviated the 2 into 2 pieces of kit, we just lose out on the support that exists for RH.
That being said, the best way to handle SELinux I think is to (if you're willing to take a little time in an effort to keep your server as safe as possible, as well as making sure your folders are as protected as possible from intruders and hackers), is to disable SELinux when installing software on your server then when you think you're sorted, put it in either of the 2 other modes other than disabled, as this just allows hackers to get into your system and change things, depends on what's in your policies to your system, the best is just to read up on how SELinux works.
But what I do is set it to disabled when I'm installing things (it's more trouble than it's worth, always do this when I'm installing things), then to put it in permissive and look at the warnings you're given about things then work out how to enforce the correct policies to what you think fits what you want to use it for etc etc.
But it's sometimes like I get like that about ports I think something's not working and all it is, because I've forgotten to open ports on the firewall for that particular service, ah well hope you got to or get it sorted out.
Just try removing it will sometimes help, disabling it, uninstall the concerning problem software, keep SELinux disabled (keeping any configuration files that you have) install the service again, whilst then SELinux is turned off then making sure you (if you have a router) disable the port forwarding ports you have opened (sometimes called virtual servers), to make it more secure, make sure they work so any configurations work, then turn it back onto permissive mode.
WARNING: This is some tragically bad advice. SELinux absolutely does not "just allows hackers to get into your system and change things" by default. In fact... one might argue the point is exactly the opposite of that statement.
Always take care to figure out what it is you are doing before manually changing your SELinux policies though...
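The denial quoted in the first post names one library, so the narrowest response is to confirm that the library really needs text relocation and then label only that file, leaving SELinux enforcing. The script below is an added example, not part of any post in this thread: the function names and sample log lines are constructed, and it assumes the installed policy defines the textrel_shlib_t type.

```shell
#!/bin/sh
# Added example: triage setroubleshoot "requires text relocation" denials.
# SAMPLE_LOG is constructed, modelled on the message quoted in the thread.
SAMPLE_LOG='Mar 28 10:20:24 serverxxx setroubleshoot: SELinux is preventing /usr/sbin/httpd from loading /usr/local/Zend/lib/Optimizer-3.3.0/php-5.2.x/ZendOptimizer.so which requires text relocation.
Mar 28 10:21:02 serverxxx setroubleshoot: SELinux is preventing /usr/sbin/httpd from loading /usr/local/Zend/lib/Optimizer-3.3.0/php-5.2.x/ZendOptimizer.so which requires text relocation.
Mar 28 10:22:10 serverxxx kernel: eth0: link up'

# Read syslog lines on stdin; print "process|library" once per distinct denial.
textrel_denials() {
  sed -n 's/.*SELinux is preventing \([^ ]*\) from loading \(.*\) which requires text relocation.*/\1|\2/p' |
    sort -u
}

# Print (never run) a review plan per denied library:
#  1. confirm the object really carries a TEXTREL dynamic entry,
#  2. label only that file (assumes the installed policy defines
#     textrel_shlib_t),
#  3. apply the label. SELinux itself stays enforcing throughout.
textrel_plan() {
  textrel_denials | while IFS='|' read -r proc lib; do
    echo "# $proc was denied loading $lib"
    echo "readelf -d '$lib' | grep TEXTREL"
    echo "semanage fcontext -a -t textrel_shlib_t '$lib'"
    echo "restorecon -v '$lib'"
  done
}

# Demo run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | textrel_plan
```

On a live system, feed the functions /var/log/messages instead of the sample and review the printed commands before running any of them as root.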