Failed executing: /usr/local/bin/convert

Failed executing: /usr/local/bin/convert

Monday 12 February 2007 9:54:59 am - 4 replies

Author Message

Paul Borgermans

Monday 12 February 2007 11:20:29 am

Hi Kristian,

SELinux can be a tough beast. We should create a policy file which can be used by eZ publish based installations (fine grained control).

Alternatively (from the httpd_selinux(8) man page):

You can disable SELinux protection for the httpd daemon by executing:

    setsebool -P httpd_disable_trans 1 service httpd restart

Paul

eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans

James Ward

Monday 12 February 2007 11:41:37 am

Paul,
That is exactly how I am currently getting around SELinux issues with eZ Publish. I couldn't agree more that we need an example policy to provide Apache with access to imagemagick and only the write permissions required to run eZ.

working at www.wardnet.com
blogging at www.jamesward.ca

Kristian Hole

Monday 12 February 2007 1:03:41 pm

Here is some more information:
http://codex.gallery2.org/Gallery2:Installation_on_a_SELinux_Server

Kristian

http://ez.no/ez_publish/documenta...tricks/show_which_templates_are_used
http://ez.no/doc/ez_publish/techn...te_operators/miscellaneous/attribute

Karl Latiss

Tuesday 13 February 2007 6:28:14 pm

On a default Centos 4 server install with eZ installed in /var/www/html I added the following to

/etc/selinux/targeted/src/policy/domains/misc/local.te

allow httpd_sys_script_t devpts_t:chr_file { read write };
allow httpd_sys_script_t httpd_runtime_t:file write;
allow httpd_sys_script_t httpd_sys_content_t:dir { add_name read setattr write };
allow httpd_sys_script_t httpd_sys_content_t:file { create setattr write };
allow httpd_sys_script_t self:capability { dac_override dac_read_search };
allow httpd_sys_script_t httpd_tmp_t:file { getattr read };
allow httpd_sys_script_t httpd_tmp_t:file write;
allow httpd_sys_script_t tmp_t:lnk_file read;

which seems to be enough to make things work.

Atvert Systems
http://www.atvert.com.au

You must be logged in to post messages in this topic!

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.