perl/cgi script problem

["Arthur Stephens" <astephens@xxxxxxxxx>]

Ok I thought I had this SELinux thing figured out atleast a little.

Finally got httpd to startup.

But now I have perl/cgi script problems.

When trying to access my Genesis WebAuthoring System the script works in the /cgi-bin/genesis/ directory displaying the login screen

but when I go to log in I get this error message.

 

Error: could not write to file '/var/www/pteraweb/cgi-bin/genesis/script_data/accounts/.webauth_tokens' - Permission denied - Permission denied

 

Plus these on the console

Dec  2 21:04:37 webmail kernel: audit(1102050277.791:0): avc:  denied  { search } for  pid=2359 exe=/usr/bin/perl name=sys dev=proc ino=-268435431 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_t tclass=dir
Dec  2 21:04:54 webmail kernel: audit(1102050294.906:0): avc:  denied  { search } for  pid=2360 exe=/usr/bin/perl scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_kernel_t tclass=dir
Dec  2 21:04:54 webmail kernel: audit(1102050294.906:0): avc:  denied  { search } for  pid=2360 exe=/usr/bin/perl name=sys dev=proc ino=-268435431 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_t tclass=dir
Dec  2 21:04:55 webmail kernel: audit(1102050295.132:0): avc:  denied  { write } for  pid=2360 exe=/usr/bin/perl name=.webauth_tokens dev=dm-0 ino=228251 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:httpd_sys_content_t tclass=file

Oh I know what this means so I added this to my custom.fc

/var/www/.*/cgi-bin(/.*)? system-u:object_r:httpd_sys_script_exec_t

 

which is what I saw in file_contexts for /var/www/cgi-bin

 

make load

fixfiles relabel

 

The log shows it relabled everything.

But now I get...

 

Dec  3 13:42:38 webmail kernel: audit(1102110158.398:0): avc:  denied  { search } for  pid=1873 exe=/usr/bin/perl name=sys dev=proc ino=-268435431 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_t tclass=dir
Dec  3 13:42:47 webmail kernel: audit(1102110167.739:0): avc:  denied  { search } for  pid=1874 exe=/usr/bin/perl scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_kernel_t tclass=dir
Dec  3 13:42:47 webmail kernel: audit(1102110167.740:0): avc:  denied  { search } for  pid=1874 exe=/usr/bin/perl name=sys dev=proc ino=-268435431 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_t tclass=dir
Dec  3 13:42:47 webmail kernel: audit(1102110167.964:0): avc:  denied  { write } for  pid=1874 exe=/usr/bin/perl name=.webauth_tokens dev=dm-0 ino=228251 scontext=user_u:system_r:httpd_sys_script_t tcontext=system_u:object_r:httpd_sys_script_exec_t tclass=file

So I ran out of what I know to do or maybe I messed things up.

 

 

Arthur Stephens
Sales Technician
Ptera Wireless Internet
astephens@xxxxxxxxx
509-927-Ptera