Open source software security

Drupal vs. SELinux

16 November 2010
SELinux came back to bite me again today during an installation of Drupal 6-19 on a new virtual machine for testing. I had downloaded the tar.gz package from Drupal.org, set up a database, unzipped the package, and was walking through the graphical installation process in my web browser. I would make it to the installation point where Drupal would ask me to copy ./sites/default/default.settings.php to ./sites/default/settings.php. After copying the file and creating the directory ./sites/default/files I was ready to install.

Unfortunately Drupal continued to complain that it could not write to the new file or folder. I checked and rechecked the permissions. Maddening. Looking at the log files revealed that the Drupal install was accurate:

    [Mon Nov 15 14:32:25 2010] [error] [client 172.16.62.1] PHP Warning: include_once(): Failed opening './sites/default/settings.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php') in /var/www/html/drupal-6.19/includes/bootstrap.inc on line 400, referer: http://172.16.62.128/drupal-6.19/install.php?profile=default

I deleted the Drupal installation and started over again, only to be met by the exact same error. What could be going on? It took me a little while, but then I remembered that SELinux is enabled and enforcing by default in Fedora. SELinux is a defensive program that effectively sandboxes various processes to prevent the compromise of one from allowing a complete machine compromise.

In order to bypass the issue you have to disable SELinux by issuing the following command:

    # echo 0 >/selinux/enforce

Then, to make the change permanent, you have to edit the /etc/selinux/config file to change 'enforcing' to 'disabled' so that SELinux won't start back up the next time you reboot the machine.
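
A check that shortens the search described above, when file permissions look right but Apache still cannot open or write a file: summarise the SELinux AVC denials recorded for httpd. This is an added example, not part of the original post; the helper name `httpd_denials` is hypothetical and the sample audit records are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): summarise SELinux AVC denials
# for Apache so a label problem can be told apart from a permission problem.

# Constructed sample records in audit.log format; all values are made up.
SAMPLE_AUDIT='type=AVC msg=audit(1289849545.101:411): avc:  denied  { read } for  pid=2211 comm="httpd" name="settings.php" dev=dm-0 ino=13 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1289849546.202:412): avc:  denied  { write } for  pid=2211 comm="httpd" name="files" dev=dm-0 ino=14 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1289849547.303:413): avc:  denied  { read } for  pid=900 comm="sshd" name="shadow" dev=dm-0 ino=15 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1289849547.303:413): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"'

# httpd_denials (hypothetical helper): read audit records on stdin and print
# "permission class name target_type" for every denial where comm is httpd.
httpd_denials() {
  awk '
    /^type=AVC / && /denied/ && /comm="httpd"/ {
      # The denied permission set sits between "{" and "}".
      perm = $0
      sub(/^.*[{] */, "", perm)
      sub(/ *[}].*$/, "", perm)
      gsub(/ /, ",", perm)
      name = ttype = tclass = ""
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == "name")     { name = kv[2]; gsub(/"/, "", name) }
        # tcontext is user:role:type:level; the type is the file label.
        if (kv[1] == "tcontext") { split(kv[2], ctx, ":"); ttype = ctx[3] }
        if (kv[1] == "tclass")   { tclass = kv[2] }
      }
      printf "%s %s %s %s\n", perm, tclass, name, ttype
    }'
}

# Stand-alone use: pass an audit log path (reading it needs root), or run
# with no argument to see the constructed sample.
if command -v getenforce >/dev/null 2>&1; then
  echo "SELinux mode: $(getenforce)"
fi
if [ -n "${1:-}" ] && [ -r "$1" ]; then
  httpd_denials < "$1"
else
  printf '%s\n' "$SAMPLE_AUDIT" | httpd_denials
fi
```

On a system running auditd the records are in /var/log/audit/audit.log; the last column of each output line is the label on the file or directory that httpd was refused access to.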