SELinux
SELinux provides the mechanism for supporting access control security policies through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of kernel modifications and user-space tools that can be added to various Linux distributions.
Note: SELinux is only supported by Zend Server on RPM-based operating systems (RHEL, CentOS and OEL).
To install Zend Server with SELinux support:
Installing Zend Server on a machine with SELinux applies the following changes:
- Enabling the following settings:
  - httpd_can_network_connect
  - httpd_can_network_connect_db
  - allow_httpd_anon_write
- Assigning port 10083 to http_port_t
- Adding the following policy:
  allow httpd_t unconfined_t:unix_stream_socket connectto;
  allow httpd_t self:capability ipc_owner;
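
To confirm these changes on a host, the following added example (not part of the Zend Server documentation) checks `getsebool -a` and `semanage port -l` output for the settings and port listed above. The function names, the `--live` switch and the sample output are constructed for illustration.

```sh
# Added example: audit the SELinux changes this page lists. Function names and
# the sample output are constructed; boolean names and the port are the page's.
ZS_BOOLEANS="httpd_can_network_connect httpd_can_network_connect_db allow_httpd_anon_write"
ZS_PORT=10083

# Reads `getsebool -a` output ("name --> on|off") on stdin and prints every
# expected boolean that is off or absent. Returns 0 only when all are on.
missing_booleans() {
    input=$(cat)
    rc=0
    for b in $ZS_BOOLEANS; do
        state=$(printf '%s\n' "$input" |
            awk -v n="$b" '$1 == n && $2 == "-->" { print $3 }')
        if [ "$state" != "on" ]; then
            printf '%s\n' "$b"
            rc=1
        fi
    done
    return "$rc"
}

# Reads `semanage port -l` output on stdin; succeeds if tcp port $2 is
# labelled with type $1. Handles single ports and lo-hi ranges.
port_in_type() {
    awk -v t="$1" -v p="$2" '
        $1 == t && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/,$/, "", f)
                n = split(f, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (p + 0 >= lo && p + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# Constructed sample output, so the checks can be tried without an SELinux host.
sample_getsebool() {
    printf '%s\n' 'httpd_can_network_connect --> on' \
        'httpd_can_network_connect_db --> on' 'allow_httpd_anon_write --> off'
}
sample_ports() {
    printf '%s\n' 'http_port_t   tcp   80, 81, 443, 10083' \
        'vnc_port_t    tcp   5900-5983, 5985-5999'
}
# Live use on the server (as root): sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    getsebool -a | missing_booleans | sed 's/^/boolean not on: /'
    semanage port -l | port_in_type http_port_t "$ZS_PORT" ||
        echo "port $ZS_PORT is not labelled http_port_t"
fi
```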