Running on CentOS 5.4, get:
type=AVC msg=audit(1288197048.706:347260): avc: denied { execute_no_trans }
for pid=1388 comm="httpd.worker" path="/usr/lib/dirsrv/dsgw-cgi-bin/lang"
dev=dm-4 ino=225129 scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:lib_t:s0 tclass=file
Looks like these are mislabeled:
[root at earth admin-serv]# ls -Z /usr/lib/dirsrv/cgi-bin
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t admpw
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t config
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t download
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t dsconfig
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t ds_create
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t ds_listdb
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t ds_remove
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t ds_restart
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t
ds_shutdown
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t
ds_snmpctrl
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t ds_start
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t
ds_unregister
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t help
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t htmladmin
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t
monreplication
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t ReadLog
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t
repl-monitor-cgi.pl
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t restartsrv
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t
sec-activate
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t security
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t
start_config_ds
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t
statpingserv
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t statusping
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t stopsrv
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t ugdsconfig
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t viewdata
-rwxr-xr-x root root system_u:object_r:httpd_dirsrvadmin_script_exec_t viewlog
[root at earth admin-serv]# ls -Z /usr/lib/dirsrv/dsgw-cgi-bin
-rwxr-xr-x root root system_u:object_r:lib_t auth
-rwxr-xr-x root root system_u:object_r:lib_t csearch
-rwxr-xr-x root root system_u:object_r:lib_t dnedit
-rwxr-xr-x root root system_u:object_r:lib_t doauth
-rwxr-xr-x root root system_u:object_r:lib_t domodify
-rwxr-xr-x root root system_u:object_r:lib_t dosearch
-rwxr-xr-x root root system_u:object_r:lib_t edit
-rwxr-xr-x root root system_u:object_r:lib_t lang
-rwxr-xr-x root root system_u:object_r:lib_t myorg
-rwxr-xr-x root root system_u:object_r:lib_t newentry
-rwxr-xr-x root root system_u:object_r:lib_t org
-rwxr-xr-x root root system_u:object_r:lib_t search
-rwxr-xr-x root root system_u:object_r:lib_t tutor
-rwxr-xr-x root root system_u:object_r:lib_t unauth
389-admin-1.1.11-1.el5
389-admin-console-1.1.5-1.el5
389-admin-console-doc-1.1.5-1.el5
389-adminutil-1.1.8-4.el5
389-console-1.1.4-1.el5
389-ds-1.2.1-1.el5
389-ds-base-1.2.6.1-2.el5
389-ds-console-1.2.3-1.el5
389-ds-console-doc-1.2.3-1.el5
389-dsgw-1.1.5-1.el5
File a bug?
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion at cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com
