Hello,
My cgi script cannot run when selinux is enabled, it works fine
when selinux is disabled.
I have tried the following command in cgi directory
find . -name *.* -exec chcon -t httpd_sys_script_exec_t {} \;
My cgi script will still generate the following error:
type=AVC msg=audit(1229327221.227:37721): avc: denied { execute } for pid=1706 comm="httpd" name="ch" dev=dm-0 ino=19694655 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1229327221.227:37721): arch=40000003 syscall=11 success=no exit=-13 a0=8317a48 a1=831caa0 a2=831cab0 a3=831d0a8 items=0 ppid=30396 pid=1706 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=301 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
here is the my selinux bool configuration.
[root@~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted
[root@~]# getsebool -a | grep httpd
allow_httpd_anon_write --> off
allow_httpd_bugzilla_script_anon_write --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_nagios_script_anon_write --> off
allow_httpd_squid_script_anon_write --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_disable_trans --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_rotatelogs_disable_trans --> off
httpd_ssi_exec --> off
httpd_suexec_disable_trans --> off
httpd_tty_comm --> on
httpd_unified --> on
[root@~]#
Any suggestions to fix the problem?
Thanks.
Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|