I'm working on a CGI program in C, but recently SELinux seems to have tripped me up. I started with Tom Boutell's cgic and an example CGI program (provided in his source tree) that generates a JPEG on the fly. It ran fine months back with the following script: dir=$(dirname $0) /usr/sbin/httpd -X -k start -d $dir -e debug on my FC4 machine. Now, it's time to start testing the program I wrote, but my Apache (version 2.0.54, installed from Fedora RPM, if it matters) won't start unless I execute /usr/sbin/setenforce 0 before executing my script. (it took me a while to figure that one out!). In fact, /usr/sbin/httpd -v won't even work. I'm sure the SELinux policy has updated via yum since times when it worked, and that explains the change. I tried checking "Disable SELinux protection for httpd daemon" in the system-config-securitylevel dialog and relabelling my filesystems, but I still need to execute /usr/sbin/setenforce 0 beforehand to run my script that starts httpd with my CGI program. If it helps, the example CGI program (not the one I've written, but Tom Boutell's that formerly ran) is in the directory /home/myuser/Development/myproject/imageFromCGI_test/test and ls -l /home/myuser/Development/myproject/imageFromCGI_test/test outputs total 52 drwxrwxr-x 2 myuser apache 4096 Sep 9 10:03 cgi-bin drwxrwxr-x 2 myuser apache 4096 Sep 9 13:07 conf -rwxr-xr-x 1 root root 63 Dec 20 14:38 debug_CGI drwxrwxr-x 2 myuser apache 4096 Sep 9 12:08 htdocs drwxrwxr-x 2 myuser apache 4096 Sep 9 12:04 logs lrwxrwxrwx 1 root root 18 Sep 9 09:52 modules -> /etc/httpd/modules drwxrwxr-x 2 myuser apache 4096 Sep 9 12:04 run (probably only makes sense if you're accustomed to configuring apache; this directory is essentially the argument to the Apache ServerRoot directive). I inferred that the directory might be important since /sbin/service httpd start works fine, regardless of state of aforementioned checkbox. What bugs me is that I don't get any kind of warning... apache just never starts. Q: How do I get warnings? (grep avc /var/log/messages was of no help to my pea-brain) Q: What else do I need to change to alter this behavior? I understand that for a production machine, SELinux is a good thing. I hadn't installed it when I used FC2 and hadn't had much problem with FC3 or with FC4 until yesterday. I have to believe there is a better way than just turning it off. Thanks. -al Al Pacifico Seattle, WA -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
