I'm trying to run scripts via httpd from a trusted nfs server, but selinux is preventing me:
kernel: audit(1106703013.728:0): avc: denied { execute } for pid=28425
exe=/usr/sbin/httpd name=sanity_server.pl dev=0:12 ino=32407792
scontext=root:system_r:httpd_t tcontext=system_u:object_r:nfs_t
tclass=fileSo I umounted the nfs volume, and added the following to the mount options in /etc/fstab: context=system_u:object_r:httpd_sys_content_t
I mounted the volume again, and re-tried. That failed with:
kernel: audit(1106705663.904:0): avc: denied { execute_no_trans } for
pid=28573 exe=/usr/sbin/httpd
path=/mnt/myserver/testing-scripts/sanity_server.pl dev=0:12 ino=3
2407792 scontext=root:system_r:httpd_t
tcontext=system_u:object_r:httpd_sys_content_t tclass=fileNow, there's a lot of miscellaneous stuff on /mnt/myserver, not just the web scripts. I need to figure out how to get the scripts working again (preferably without breaking anything else)... they worked fine under RHEL3, but are failing as above under the current RHEL4 candidate.
kernel is: 2.6.9-5.EL #1 SMP Wed Jan 5 19:23:24 EST 2005 ia64 ia64 ia64 GNU/Linux
(The script fails on other architectures, as well; I just happened to be using the ia64 box tonight.)
Any/all words of wisdom appreciated,
-- John
