link Install IonCube On CentOS 6.x← Back

There are a few extra steps necessary to install IonCube with SELinux enabled. Here is what I did:

  1. Download the IonCube Loader
  2. Extract the tarball and copy the ioncube*.so files to /usr/lib/php/modules
    chown root:root /usr/lib/php/modules/ioncube*.so
    chcon --reference=/usr/sbin/httpd /usr/lib/php/modules/ioncube*.so
  3. Create a file called /root/httpdlocal.te and insert the following:
    module httpdlocal 1.0;
    require {
            type httpd_exec_t;
            type httpd_t;
            class process { execstack execmem };
            class file { execmod };
    allow httpd_t httpd_exec_t:file execmod;
    allow httpd_t self:process { execstack execmem };
  4. Compile the SELinux module and install it
    checkmodule -M -m -o httpdlocal.mod httpdlocal.te
    semodule_package -o httpdlocal.pp -m httpdlocal.mod
    semodule -i httpdlocal.pp
  5. Create a file /etc/php.d/20ioncube.ini and insert the following:
    zend_extension = /usr/lib/php/modules/
  6. Restart Apache
    service httpd restart

You should now have IonCube installed and functional. Create a phpinfo() script and look just below the first block of information for the Zend logo, and inside that box it should mention the IonCube loader.




I don't know if it will work but I am interested in finding out. I expect it to be just a case of building the correct SELinux policy since PHP and Lighthttpd are well known to work together in other environments.

Stay tuned for a new blog post.




This works great with Apache!

Thank you!
Can this be done for Lighttpd PHP fastcgi as well, do you have an idea?


Mike Esquibel


Worked flawlessly for me. Soren, I believe those errors are from you trying to do another module from somewhere else. I followed a few sites that had me create a .te file. I removed those files semodule -r whatever.te and then created the one posted and installed.

CentOS 6.2 php 5.3

Thanks for the posting!



ls -dZ /usr/sbin/httpd

On mine it is httpd_exec_t.



what if this chcon --reference=/usr/sbin/httpd /usr/lib/php/modules/ioncube*.so
fails - is there a way to se what the chcon is now on /usr/sbin/httpd

Post a comment