PHP Selinux exec/权限被拒绝

PHP Selinux exec/权限被拒绝

在 Fedora 中,如何配置 Selinux 以授予 PHP 系统或 exec 函数运行任意可执行文件的权限?对我来说,关闭 SELinux 不是一个选择。

$ getsebool -a | grep httpd  

allow_httpd_anon_write --> off  
allow_httpd_mod_auth_ntlm_winbind --> off  
allow_httpd_mod_auth_pam --> off  
allow_httpd_sys_script_anon_write --> off  
httpd_builtin_scripting --> on  
httpd_can_check_spam --> off  
httpd_can_network_connect --> off  
httpd_can_network_connect_cobbler --> off  
httpd_can_network_connect_db --> off  
httpd_can_network_memcache --> off  
httpd_can_network_relay --> off  
httpd_can_sendmail --> off  
httpd_dbus_avahi --> off  
httpd_enable_cgi --> on  
httpd_enable_ftp_server --> off  
httpd_enable_homedirs --> off  
httpd_execmem --> off  
httpd_read_user_content --> off  
httpd_setrlimit --> off  
httpd_ssi_exec --> on  
httpd_tmp_exec --> off  
httpd_tty_comm --> on  
httpd_unified --> off  
httpd_use_cifs --> off  
httpd_use_gpg --> off  
httpd_use_nfs --> off  

答案1

使用以下命令检查与 Apache 相关的当前 SELinux 设置:

# /usr/sbin/getsebool -a | grep httpd

需要打开httpd_ssi_exec允许Apache执行SSI脚本:

# setsebool -P httpd_ssi_exec=1

答案2

刚刚遇到了同样的问题。设置httpd_execmem为开启即可解决问题。

相关内容