xcache enabled with SELinux

I tried to install xcache to my server in order to accelerate php.

Firstly, I got a src.rpm from Utter Ramblings’s page and built a package with rpmbuild command. Needed php-devel package.

wget http://www.jasonlitka.com/media/files/SRPMS/php-xcache-1.2.0_0.3.src.rpm
rpm -ivh php-xcache-1.2.0_0.3.src.rpm
rpmbuild -bb /usr/src/redhat/SPECS/php-xcache.spec
rpm -ivh /usr/src/redhat/RPMS/i386/php-xcache-4.3.9_1.2.0-0.3.i386.rpm

I installed the php-xcache package succesfully. And set ‘xcache.admin.user’ and ‘xcache.admin.pass’ in /etc/php.d/xcache.ini. ‘xcache.admin.pass’ is md5ed password like the following.

echo "<?php echo md5('password'); ?>" | php

However, I’ve set SELinux to the enforcing mode, so I saw a message issued by avc like the following line when I restarted httpd service.

May 5 00:43:30 www kernel: audit(1178293410.685:17): avc: denied { read write } for pid=27875 comm=”httpd” name=”zero” dev=tmpfs ino=2089 scontext=root:system_r:httpd_t tcontext=system_u:object_r:zero_device_t tclass=chr_file

I needed to install selinux-policy-targeted-sources package additionally to fix the policy, added the following two lines to the file, /etc/selinux/targeted/src/policy/domains/program/apache.te.

# xcache needs to read/write /dev/zero
allow httpd_t zero_device_t:chr_file { read write };

At last I issued ‘make reload’ in /etc/selinux/targeted/src/policy/ directory and restarted httpd service.