@dcarley
Created December 28, 2011 15:08
EL5 backport of httpd_tmp_exec SELinux boolean from EL6.

Python code or modules that require ctypes can raise the following cryptic exception when run under mod_wsgi.

mod_wsgi (pid=4203): Exception occurred processing WSGI script 'xxx.wsgi'.
Traceback (most recent call last):
  File "xxx.wsgi", line 8, in simple_app
    import ctypes
  File "/usr/lib64/python2.6/ctypes/__init__.py", line 546, in <module>
    CFUNCTYPE(c_int)(lambda: None)
MemoryError

This can be resolved in recent Fedora and RHEL releases by enabling a new httpd_tmp_exec boolean.

For EL5, the SELinux module below can be used to the same effect.

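# policy_module is a reference policy macro, so build with the policy development Makefile.
policy_module(httpdtmpexec, 0.0.1)

# Types and permission this module refers to but does not define.
require {
	type httpd_t;
	type httpd_tmp_t;
	type httpd_tmpfs_t;
	class file execute;
};

# Same name as the EL6 boolean; off by default, so enable it after loading the module.
bool httpd_tmp_exec false;

# When enabled, httpd may execute files labelled httpd_tmp_t or httpd_tmpfs_t.
if (httpd_tmp_exec) {
	allow httpd_t httpd_tmp_t:file execute;
	allow httpd_t httpd_tmpfs_t:file execute;
};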
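
The MemoryError gives no hint that SELinux is involved, so it is worth confirming the denial in the audit log before loosening policy. The script below is an added example, not part of the original gist: it counts `execute` denials for `httpd_t` on the two types the module covers. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count SELinux "execute" denials for httpd_t on the two
# types the module covers. Function names are hypothetical.

# Constructed sample audit.log lines (not taken from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1325084880.101:411): avc:  denied  { execute } for  pid=4203 comm="httpd" path="/tmp/ffiAbCdEf" dev=dm-0 ino=1311 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_tmp_t:s0 tclass=file
type=AVC msg=audit(1325084881.207:412): avc:  denied  { read write } for  pid=4203 comm="httpd" name="app.log" dev=dm-0 ino=2207 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1325084882.315:413): avc:  denied  { execute } for  pid=4207 comm="httpd" path="/dev/shm/ffiGhIjKl" dev=tmpfs ino=9021 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_tmpfs_t:s0 tclass=file
type=AVC msg=audit(1325084883.422:414): avc:  denied  { execute } for  pid=5150 comm="sendmail" path="/tmp/x" dev=dm-0 ino=77 scontext=root:system_r:sendmail_t:s0 tcontext=root:object_r:tmp_t:s0 tclass=file
EOF
}

# Reads audit records from the files given as arguments, or from stdin.
# Prints "<target type> <count>" for each type with matching denials.
httpd_tmp_exec_denials() {
    awk '
        /type=AVC/ && / denied / &&
        /scontext=[^ ]*:httpd_t(:| |$)/ && /tclass=file( |$)/ {
            # Permission list sits between the braces: "{ execute }".
            if (match($0, /[{][^}]*[}]/) == 0) next
            perms = " " substr($0, RSTART + 1, RLENGTH - 2) " "
            if (index(perms, " execute ") == 0) next
            # Third field of the target context is the SELinux type.
            if (match($0, /tcontext=[^ ]*/) == 0) next
            split(substr($0, RSTART + 9, RLENGTH - 9), ctx, ":")
            t = ctx[3]
            if (t == "httpd_tmp_t" || t == "httpd_tmpfs_t") count[t]++
        }
        END { for (t in count) print t, count[t] }
    ' "$@" | LC_ALL=C sort
}

# Demonstration on the constructed sample.
sample_audit_log | httpd_tmp_exec_denials
```

On a live host, pass the audit log as an argument instead, for example `httpd_tmp_exec_denials /var/log/audit/audit.log` (the default auditd location, assumed here). No output means the log holds no denials of this kind.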