Please can you help with my first, naive, attempt to fix an selinux problem? Following a recent yum update of a Fedora Core 4 machine, bugzilla no longer works. audit.log contained: avc: denied { execute_no_trans } for pid=811 comm="httpd" name="index.cgi" dev=dm-3 ino=227397 scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_sys_content_t tclass=file sestatus outputs: ... httpd_enable_cgi active ... But ls -Z /var/www/html/bugzilla-2.18.3/index.cgi showed that file to be of type httpd_sys_content_t, so I inferred that it needed to be changed to httpd_sys_script_exec_t. In order for the change to persist across relabelling events, I first tried to alter the policy by adding the following line to /etc/linux/targetted/src/policy/file_contexts/file_contexts: /var/www/html/bugzilla-[^/]*/[^/]*\.cgi -- system_u:object_r:httpd_sys_script_exec_t and then ran: cd /etc/linux/targetted/src/policy make reload make relabel ( first with setenforce 1, then with setenforce 0 ) The ls -Z output was unchanged, so I then ran: chcon -t httpd_sys_script_exec_t /var/www/html/bugzilla-2.18.3/index.cgi audit.log is however still showing the same error (adjusted for the new tcontext type). What am I doing wrong? kind regards -- Graham King -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list