apache selinux issue

Hello,

My cgi script cannot run when selinux is enabled; it works fine
when selinux is disabled.

I have tried the following command in the cgi directory:
  find . -name *.* -exec chcon -t httpd_sys_script_exec_t {} \;

My cgi script will still generate the following error:


type=AVC msg=audit(1229327221.227:37721): avc:  denied  { execute } for  pid=1706 comm="httpd" name="ch" dev=dm-0 ino=19694655 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1229327221.227:37721): arch=40000003 syscall=11 success=no exit=-13 a0=8317a48 a1=831caa0 a2=831cab0 a3=831d0a8 items=0 ppid=30396 pid=1706 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=301 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)


Here is my selinux bool configuration.

[root@~]#  sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted


[root@~]# getsebool -a | grep httpd
allow_httpd_anon_write --> off
allow_httpd_bugzilla_script_anon_write --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_nagios_script_anon_write --> off
allow_httpd_squid_script_anon_write --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_disable_trans --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_rotatelogs_disable_trans --> off
httpd_ssi_exec --> off
httpd_suexec_disable_trans --> off
httpd_tty_comm --> on
httpd_unified --> on
[root@~]# 

Any suggestions to fix the problem?
Thanks.

Peter
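
Added example, not part of the original message: a small Python triage of the AVC record quoted above, comparing the denied file's name and type with the find pattern and the target type from the chcon command. It models the pattern as find receives it when quoted ('*.*'); left unquoted, the shell may expand it first. The function names are illustrative assumptions.

```python
import fnmatch
import re

# AVC record copied from the message above (SYSCALL record omitted).
AVC = ('type=AVC msg=audit(1229327221.227:37721): avc:  denied  { execute } for  '
       'pid=1706 comm="httpd" name="ch" dev=dm-0 ino=19694655 '
       'scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:usr_t:s0 tclass=file')


def parse_avc(line):
    """Split an AVC record into permissions, key=value fields and SELinux types."""
    m = re.search(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"')
              for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3))}
    fields["result"] = m.group(1)
    fields["perms"] = m.group(2).split()
    # A context is user:role:type[:level]; the type is the third component.
    fields["source_type"] = fields["scontext"].split(":")[2]
    fields["target_type"] = fields["tcontext"].split(":")[2]
    return fields


def relabel_covered(name, find_pattern):
    """Would `find -name '<find_pattern>'` have selected this file name?"""
    return fnmatch.fnmatchcase(name, find_pattern)


def triage(line, find_pattern, wanted_type):
    """Summarise one denial against the relabel command that was run."""
    f = parse_avc(line)
    return {
        "file": f["name"],
        "inode": f["ino"],
        "denied": f["perms"],
        "source_type": f["source_type"],
        "target_type": f["target_type"],
        "has_wanted_type": f["target_type"] == wanted_type,
        "matched_by_find": relabel_covered(f["name"], find_pattern),
    }


if __name__ == "__main__":
    for key, value in triage(AVC, "*.*", "httpd_sys_script_exec_t").items():
        print(f"{key:16} {value}")
```

The `name=` field is only the last path component, so the `ino=` value is what identifies the file on disk (for example with `find -inum`).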
