I have freshly installed CentOS 4 box, with Apache installed. I've
placed some CGI programs into /var/www/cgi-bin, however SELinux is
preventing the execution. One program is statically linked executable,
and the other is shell script.
It seems that everything has correct context:
Output of ls -Z for relevant files/directories looks like this. All
files and directories are user/group root:root, mode 755. Looks like it
should work:
system_u:object_r:httpd_exec_t /usr/sbin/httpd
system_u:object_r:httpd_sys_script_exec_t /var/www/cgi-bin
root:object_r:httpd_sys_script_exec_t /var/www/cgi-bin/compiled-exe.cgi
root:object_r:httpd_sys_script_exec_t /var/www/cgi-bin/sehll-script.sh
However, when Apache attempts to run any of them, I'm getting this error
messages logged in /var/log/messages:
kernel: audit(1110396095.427:0): avc: denied { execute_no_trans } for
pid=1234 exe=/usr/sbin/httpd path=/var/www/cgi-bin/compiled-exe.cgi
dev=dm-1 ino=12345 scontext=user_u:system_r:httpd_t
tcontext=root:object_r:httpd_sys_script_exec_t tclass=file
Same thing if I try it out from command line.
I've Googled around, and was not able to find anything helpful. All I
was able to find were pointers telling me to set the security context of
files the way it is already set up.
--
Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
