> -----Original Message-----
> From: centos-bounces@xxxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxxx]
On
> Behalf Of Aleksandar Milivojevic
> Sent: Wednesday, March 09, 2005 1:34 PM
> To: CentOS Mailing List
> Subject: [Centos] cgi trouble with apache and selinux
>
> I have freshly installed CentOS 4 box, with Apache installed. I've
> placed some CGI programs into /var/www/cgi-bin, however SELinux is
> preventing the execution. One program is statically linked
executable,
> and the other is shell script.
>
> It seems that everything has correct context:
>
> Output of ls -Z for relevant files/directories looks like this. All
> files and directories are user/group root:root, mode 755. Looks like
it
> should work:
>
> system_u:object_r:httpd_exec_t /usr/sbin/httpd
> system_u:object_r:httpd_sys_script_exec_t /var/www/cgi-bin
> root:object_r:httpd_sys_script_exec_t
/var/www/cgi-bin/compiled-exe.cgi
> root:object_r:httpd_sys_script_exec_t /var/www/cgi-bin/sehll-script.sh
>
> However, when Apache attempts to run any of them, I'm getting this
error
> messages logged in /var/log/messages:
>
> kernel: audit(1110396095.427:0): avc: denied { execute_no_trans }
for
> pid=1234 exe=/usr/sbin/httpd path=/var/www/cgi-bin/compiled-exe.cgi
> dev=dm-1 ino=12345 scontext=user_u:system_r:httpd_t
> tcontext=root:object_r:httpd_sys_script_exec_t tclass=file
>
> Same thing if I try it out from command line.
>
> I've Googled around, and was not able to find anything helpful. All I
> was able to find were pointers telling me to set the security context
of
> files the way it is already set up.
http://64.233.179.104/search?q=cache:GSBUHNeDQTkJ:fedora.redhat.com/docs
/selinux-apache-fc3/+selinux+apache+cgi&hl=en
http://64.233.179.104/search?q=cache:RbbHexbLOtEJ:www.fedoraforum.org/fo
rum/archive/index.php/t-41377.html+selinux+apache+cgi&hl=en
hth,
Marc
