SELinux

SELinux provides the mechanism for supporting access control security policies through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of kernel modifications and user-space tools that can be added to various Linux distributions.

Only supported by Zend Server on RPM (RHEL, CentOS and OEL) OS.

Instructions on how to complete a procedure

To install Zend Server with SELinux support:

  1. Prior to installing Zend Server, make sure SELinux is installed and enabled on your machine.
  2. Install Zend Server.
  3. Manually restart Zend Server, after installation is finished.

 

Installing Zend Server on a machine with SELinux applies the following changes:

  • Enabling the following settings:
    • httpd_can_network_connect
    • httpd_can_network_connect_db
    • allow_httpd_anon_write
  • Assigning port 10083 to http_port_t
  • Adding the following policy:
    allow httpd_t unconfined_t:unix_stream_socket connectto;
    allow httpd_t self:capability ipc_owner;