You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Malcolm J Harwood <mj...@liminalflux.net> on 2005/03/23 17:14:50 UTC

static apache+mod_perl+libapreq

Has anyone managed to compile a static (no DSO) apache with mod_perl and 
libapreq? Both mod_perl and libapreq have instructions for building them 
statically individually, but the instructions seem to be mutually 
incompatible.

SELinux, mod_perl 2.x, Apache::DB

Posted by "D. Hageman" <dh...@dracken.com>.

If you run a Fedora or RedHat box with SELinux enabled, then you will find 
that you can't use Apache::DB to interactively debug your code.  The issue 
is the default for the "targeted" policy is to not allow apache to 
interact with the console.

The solution is two fold:

1.  You need to run the command "setsebool httpd_tty_comm true" which will
activate some conditional policy rules to allow apache to communicate with 
the console.

2.  The conditional rules do not allow all the permissions you need for 
interactive debugging, so you need to add this to your locale.te file and 
reload the policy.

if (httpd_tty_comm) {
     allow { httpd_t } admin_tty_type:chr_file { ioctl getattr };
}

I thought I would post this in case anyone else runs into this issue. 
Working with apache on a machine with SELinux enabled can be tricky at 
times, but it is definitely a decent tool to assist you in security.

I will send a documentation patch to Frank Wiles later this week, but it 
will probably be awhile be for he gets Apache::DB updated since he is just 
returning from a vacation.

//========================================================\\
||  D. Hageman                    <dh...@dracken.com>  ||
\\========================================================//