Hello, My cgi script cannot run when selinux is enabled, it works fine when selinux is disabled. I have tried the following command in cgi directory find . -name *.* -exec chcon -t httpd_sys_script_exec_t {} \; My cgi script will still generate the following error: type=AVC msg=audit(1229327221.227:37721): avc: denied { execute } for pid=1706 comm="httpd" name="ch" dev=dm-0 ino=19694655 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:usr_t:s0 tclass=file type=SYSCALL msg=audit(1229327221.227:37721): arch=40000003 syscall=11 success=no exit=-13 a0=8317a48 a1=831caa0 a2=831cab0 a3=831d0a8 items=0 ppid=30396 pid=1706 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=301 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null) here is the my selinux bool configuration. [root@~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: targeted [root@~]# getsebool -a | grep httpd allow_httpd_anon_write --> off allow_httpd_bugzilla_script_anon_write --> off allow_httpd_mod_auth_pam --> off allow_httpd_nagios_script_anon_write --> off allow_httpd_squid_script_anon_write --> off allow_httpd_sys_script_anon_write --> off httpd_builtin_scripting --> on httpd_can_network_connect --> off httpd_can_network_connect_db --> off httpd_can_network_relay --> off httpd_disable_trans --> off httpd_enable_cgi --> on httpd_enable_ftp_server --> off httpd_enable_homedirs --> on httpd_rotatelogs_disable_trans --> off httpd_ssi_exec --> off httpd_suexec_disable_trans --> off httpd_tty_comm --> on httpd_unified --> on [root@~]# Any suggestions to fix the problem? Thanks. Peter --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx