Failed executing: /usr/local/bin/convert
Kristian Hole
Monday 12 February 2007 9:54:59 am
Hi All,
A word of warning to all of you running recent versions of Red Hat Enterprise Linux (RHEL) / Fedora. Newer RHEL has a kernel-level protection mechanism called SELinux (Security Enhanced Linux). If this is installed, and you are running eZ Publish, you will typically get errors similar to this in the debug output when trying to upload an image in the admin interface:
Failed executing: /usr/local/bin/convert '-geometry' '600x600>' 'var/plain/storage/images/media/images//9769-1-eng-GB/blah.gif' 'GIF:var/plain/storage/images/media/images/9769-1-eng-GB/blah.gif', Error: , Return: 1
This is because the default SELinux disallows PHP to run the command.
You can disable the protection by running:
setenforce permissive
But a better solution would be to configure SELinux to work with this. Does anybody know the best way to set up SELinux to get this working?
Kristian http://ez.no/ez_publish/documenta...tricks/show_which_templates_are_used http://ez.no/doc/ez_publish/techn...te_operators/miscellaneous/attribute
Paul Borgermans
Monday 12 February 2007 11:20:29 am
Hi Kristian,
SELinux can be a tough beast. We should create a policy file which can be used by eZ publish based installations (fine grained control).
Alternatively (from the httpd_selinux(8) man page):
You can disable SELinux protection for the httpd daemon by executing:
setsebool -P httpd_disable_trans 1
service httpd restart
Paul
eZ Publish, eZ Find, Solr expert consulting and training http://twitter.com/paulborgermans
James Ward
Monday 12 February 2007 11:41:37 am
Paul, that is exactly how I am currently getting around SELinux issues with eZ Publish. I couldn't agree more that we need an example policy to provide Apache with access to ImageMagick and only the write permissions required to run eZ.
working at www.wardnet.com blogging at www.jamesward.ca
Monday 12 February 2007 1:03:41 pm
Here is some more information: http://codex.gallery2.org/Gallery2:Installation_on_a_SELinux_Server
Karl Latiss
Tuesday 13 February 2007 6:28:14 pm
On a default CentOS 4 server install with eZ installed in /var/www/html I added the following to /etc/selinux/targeted/src/policy/domains/misc/local.te:
allow httpd_sys_script_t devpts_t:chr_file { read write };
allow httpd_sys_script_t httpd_runtime_t:file write;
allow httpd_sys_script_t httpd_sys_content_t:dir { add_name read setattr write };
allow httpd_sys_script_t httpd_sys_content_t:file { create setattr write };
allow httpd_sys_script_t self:capability { dac_override dac_read_search };
allow httpd_sys_script_t httpd_tmp_t:file { getattr read };
allow httpd_sys_script_t httpd_tmp_t:file write;
allow httpd_sys_script_t tmp_t:lnk_file read;
which seems to be enough to make things work.
Atvert Systems http://www.atvert.com.au
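
Allow rules like the ones posted above are normally derived from the AVC denials SELinux logs while the upload fails; the real tool for that is audit2allow. The script below is an added example, not part of the original thread, and is a simplified stand-in that shows the merging step. The function names sample_avc and avc_to_allow are hypothetical, and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: merge SELinux AVC denials into allow rules for review.

# Constructed sample denials (not taken from the thread).
sample_avc() {
cat <<'EOF'
audit(1171300000.101:41): avc:  denied  { write } for  pid=2101 comm="convert" name="blah.gif" dev=sda1 ino=9769 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:httpd_sys_content_t tclass=file
audit(1171300000.102:42): avc:  denied  { create } for  pid=2101 comm="convert" name="blah.gif" dev=sda1 ino=9770 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:httpd_sys_content_t tclass=file
audit(1171300000.103:43): avc:  denied  { add_name write } for  pid=2101 comm="convert" name="9769-1-eng-GB" dev=sda1 ino=9771 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:httpd_sys_content_t tclass=dir
audit(1171300000.104:44): avc:  denied  { dac_override } for  pid=2101 comm="convert" capability=1 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability
audit(1171300000.105:45): avc:  denied  { write } for  pid=2102 comm="convert" name="blah.gif" dev=sda1 ino=9769 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:httpd_sys_content_t tclass=file
audit(1171300000.106:46): avc:  granted  { read } for  pid=2103 comm="httpd" scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_config_t tclass=file
EOF
}

# Read log lines on stdin; print one allow rule per (source, target, class),
# with duplicate denials collapsed and permissions sorted.
avc_to_allow() {
  awk '
    # The type is the third colon-separated part of a security context.
    function ctx_type(field,   p) { sub(/^[^=]*=/, "", field); split(field, p, ":"); return p[3] }
    /avc:/ && /denied/ {
      s = index($0, "{"); e = index($0, "}")
      if (s == 0 || e <= s) next                 # malformed line, skip it
      n = split(substr($0, s + 1, e - s - 1), perm, " ")
      src = tgt = cls = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^scontext=/) src = ctx_type($i)
        else if ($i ~ /^tcontext=/) tgt = ctx_type($i)
        else if ($i ~ /^tclass=/) cls = substr($i, 8)
      }
      if (src == "" || tgt == "" || cls == "") next
      if (tgt == src) tgt = "self"               # same type on both sides
      for (i = 1; i <= n; i++) print src " " tgt ":" cls " " perm[i]
    }' | LC_ALL=C sort -u | awk '
    { key = $1 " " $2
      if (key != prev) { if (prev != "") print "allow " prev " {" perms " };"; prev = key; perms = "" }
      perms = perms " " $3 }
    END { if (prev != "") print "allow " prev " {" perms " };" }'
}

sample_avc | avc_to_allow
```

Read the output before adding it to a policy file: a self:capability dac_override rule lets the domain bypass ordinary file permission checks, which is often better addressed by fixing file ownership or modes.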