Running XAMPP on Fedora with SELinux Enabled

Running XAMPP on Fedora with SELinux Enabled

Having issues with "Symbolic link not allowed or link target not accessible" errors in apache log files on Fedora? Well you've come to the right place!

I'm pretty sure I just ran across the most annoying thing I've ever been confronted with while trying to run Apache with PHP via XAMPP on Fedora 11 with SELinux enabled. When you setup your httpd.conf to try and access directories in your home directory, by default you will not be successful. You might spend hours, or even days trying to figure out why apache can't access files in your home directory. The good news is that I have the solution, although it wasn't easy to put together, you'll be able to access files out of your home directory after following these steps.

First, make sure that the directory that you are trying to access with apache has world read privileges for everyone. In addition to checking the permissions on the directory Apache is trying to access, make sure you check all the parent directories all the way up to /. By defalt Fedora comes with home directories set to 700.

$ chmod 755 /home
$ chmod 755 /home/user
$ chmod 755 /home/user/

Now that we know for sure that everyone has access to the directory on the local system, including apache, we need to double check our httpd.conf configuration to make sure we have FollowSymLinks enabled. (unless of course your DocumentRoot points to your home directory already, then you can skip this step, but if you are using XAMPP the default DocumentRoot will be /opt/lampp/htdocs so in that case you'll probably be symlinking to your home directory or creating an Alias for it in httpd.conf and we'll need to make sure FollowSymLinks is enabled for that to work).

Go through your httpd.conf and make sure that you have a Directory section that allows your symlinks like the following.


Options FollowSymLinks
AllowOverride None
Allow from all
Order allow,deny


You also need to look at every tag after this to make sure that there isn't one that cancels out our FollowSymLinks directive. I mention this, because I've seen configurations that will "Include" another .conf file and in that .conf file there will be a tag that overwrites our FollowSymLinks.

Now for the extra annoying part! Deailing with SELinux. You have a couple options to work get SELinux to play nicely with your setup. I am running XAMPP/LAMPP so I will post all the necessary commands here to make SELinux play nicely. If your running your own install of Apache you can either modify the following commands to make them work with your setup or you can optionally disable SELinux.

To disable SELinux go to System->Administration->SELinux Management and disable it there.

To keep the security benefits of SELinux and make it play nicely with XAMPP/LAMPP we need to run the following commands as root or via sudo.

$ chcon -t textrel_shlib_t '/opt/lampp/lib/libsybdb.so.5.0.0'
$ semanage fcontext -a -t textrel_shlib_t '/opt/lampp/lib/libsybdb.so.5.0.0'
$ chcon -t textrel_shlib_t '/opt/lampp/lib/libc-client.so.2007e'
$ semanage fcontext -a -t textrel_shlib_t '/opt/lampp/lib/libc-client.so.2007e'
$ chcon -t textrel_shlib_t '/opt/lampp/modules/mod_perl.so'
$ semanage fcontext -a -t textrel_shlib_t '/opt/lampp/modules/mod_perl.so'
$ chcon -t textrel_shlib_t '/opt/lampp/lib/php/extensions/no-debug-non-zts-20060613/ming.so'
$ semanage fcontext -a -t textrel_shlib_t '/opt/lampp/lib/php/extensions/no-debug-non-zts-20060613/ming.so'
$ chcon -t textrel_shlib_t '/opt/lampp/lib/php/extensions/no-debug-non-zts-20060613/pgsql.so'
$ semanage fcontext -a -t textrel_shlib_t '/opt/lampp/lib/php/extensions/no-debug-non-zts-20060613/pgsql.so'
$ chcon -t textrel_shlib_t '/opt/lampp/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so'
$ semanage fcontext -a -t textrel_shlib_t '/opt/lampp/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so'
$ chcon -t textrel_shlib_t '/opt/lampp/modules/libphp5.so'
$ semanage fcontext -a -t textrel_shlib_t '/opt/lampp/modules/libphp5.so'

And that should be it! Restart XAMPP/LAMPP and your system should be working now. If it's not go through and double check everything again. Although it's quite a bit of hassle to get this going, these are the steps that I took to get it working on my Fedora 11 system.

 

Comments


Boise Web Design

Established in the City of Trees in Boise Idaho in 2002, Vector Network Solutions is now a leading web development company providing Boise web design with over ten years of experience. Leading the way with a proven track record on the industries top web platforms, VectorNS is capable of delivering exceptional solutions to clients around the globe. Our strategic methods afford us the ability to provide Boise with web design, development and a sharp competitive edge. Call or e-mail today to start initiating your project with the experienced professionals at VectorNS.

Free Web Tips & Ideas!

Sign up for VectorNS Web Tips and recieve occasional tips & ideas to enhance your web presence.