On Wed, 2006-02-15 at 16:31 -0500, Daniel J Walsh wrote:
> Craig White wrote:
> > trying to work with ruby on rails and apache w/ fastcgi and implementing
> > fastcgi has left me with a real problem with all sorts of things...I'm
> > thinking that it just might be best to give fastcgi a get out of jail
> > free card (how do I do that?)
> >
> > This was only a click or two...there's no telling how many I can get by
> > trying to use the thing (which of course seems pointless since it is
> > denying me access to things like my css files so it looks like hell
> > too...
> >
> > Feb 14 01:37:19 srv2 kernel: audit(1139906239.590:47): avc: denied { search } for pid=28974 comm="dispatch.fcgi" name="ruby-db" dev=dm-1 ino=1212642 scontext=root:system_r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=dir
> > Feb 14 01:37:19 srv2 kernel: audit(1139906239.591:48): avc: denied { read } for pid=28974 comm="dispatch.fcgi" name="environment.rb" dev=dm-1 ino=1212686 scontext=root:system_r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=file
> > Feb 14 01:37:19 srv2 kernel: audit(1139906239.591:49): avc: denied { getattr } for pid=28974 comm="dispatch.fcgi" name="environment.rb" dev=dm-1 ino=1212686 scontext=root:system_r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=file
> > Feb 14 01:37:21 srv2 kernel: audit(1139906241.708:50): avc: denied { getattr } for pid=28974 comm="dispatch.fcgi" name="models" dev=dm-1 ino=1212648 scontext=root:system_r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=dir
> > Feb 14 01:37:21 srv2 kernel: audit(1139906241.709:51): avc: denied { read } for pid=28974 comm="dispatch.fcgi" name="models" dev=dm-1 ino=1212648 scontext=root:system_r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=dir
> > Feb 14 01:37:21 srv2 kernel: audit(1139906241.727:52): avc: denied { append } for pid=28974 comm="dispatch.fcgi" name="production.log" dev=dm-1 ino=1212718 scontext=root:system_r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=file
> > Feb 14 01:37:21 srv2 kernel: audit(1139906241.781:53): avc: denied { getattr } for pid=28974 comm="dispatch.fcgi" name="fastcgi.crash.log" dev=dm-1 ino=1215942 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:user_home_t tclass=file
> > Feb 14 01:37:21 srv2 kernel: audit(1139906241.781:54): avc: denied { append } for pid=28974 comm="dispatch.fcgi" name="fastcgi.crash.log" dev=dm-1 ino=1215942 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:user_home_t tclass=file
> > Feb 14 01:37:21 srv2 kernel: audit(1139906241.784:55): avc: denied { getattr } for pid=28974 comm="dispatch.fcgi" name="258e9c185bb365445884d61bf2121a01" scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_t tclass=unix_stream_socket
> > Feb 14 01:37:21 srv2 kernel: audit(1139906241.784:56): avc: denied { accept } for pid=28974 comm="dispatch.fcgi" name="258e9c185bb365445884d61bf2121a01" scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_t tclass=unix_stream_socket
> > Feb 14 01:37:22 srv2 kernel: audit(1139906242.315:57): avc: denied { shutdown } for pid=28974 comm="dispatch.fcgi" name="258e9c185bb365445884d61bf2121a01" scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_t tclass=unix_stream_socket
> >
>
> You need to label the files/directory that the cgi wants to manipulate
> on your homedirs as httpd_sys_script_rw_t
----
yeah thanks - I actually solved it with 'setsebool -P
httpd_enable_homedirs 0' and chcon httpd_sys_script_rw_t /home/craig...

I think that's what I did...I'm in memory mode but it fixed it.

I tried to post a nevermind to the list and ended up sending it to
myself and since it was quite some time before I realized what I had
done and nobody responded...I just let it go.

Sorry for the noise.

Thanks

Craig

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
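
Added example (not part of the original messages): a small Python script that groups AVC denials like those quoted above by source type, target type and object class, so the denials on user_home_t files and directories, which the relabelling advice addresses, can be told apart from the unix_stream_socket denials against httpd_t. The four sample records are copied from the quoted log with the mail wrapping undone; the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: four records from the log quoted in this thread, each rejoined
# onto a single line (the mail client had wrapped them mid-token).
SAMPLE_LOG = """\
Feb 14 01:37:19 srv2 kernel: audit(1139906239.590:47): avc: denied { search } for pid=28974 comm="dispatch.fcgi" name="ruby-db" dev=dm-1 ino=1212642 scontext=root:system_r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=dir
Feb 14 01:37:19 srv2 kernel: audit(1139906239.591:48): avc: denied { read } for pid=28974 comm="dispatch.fcgi" name="environment.rb" dev=dm-1 ino=1212686 scontext=root:system_r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=file
Feb 14 01:37:21 srv2 kernel: audit(1139906241.727:52): avc: denied { append } for pid=28974 comm="dispatch.fcgi" name="production.log" dev=dm-1 ino=1212718 scontext=root:system_r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=file
Feb 14 01:37:21 srv2 kernel: audit(1139906241.784:56): avc: denied { accept } for pid=28974 comm="dispatch.fcgi" name="258e9c185bb365445884d61bf2121a01" scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_t tclass=unix_stream_socket
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denial(line):
    """Return the fields of one AVC denial record, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated or still-wrapped record
    src, tgt = fields["scontext"].split(":"), fields["tcontext"].split(":")
    if len(src) < 3 or len(tgt) < 3:
        return None  # a context is user:role:type[:level]
    fields.update(perms=m.group("perms").split(), stype=src[2], ttype=tgt[2])
    return fields

def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d is None:
            continue
        g = groups[(d["stype"], d["ttype"], d["tclass"])]
        g["perms"].update(d["perms"])
        g["names"].add(d.get("name", "?"))
    return dict(groups)

if __name__ == "__main__":
    for (stype, ttype, tclass), g in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{stype} -> {ttype}:{tclass} {{ {' '.join(sorted(g['perms']))} }}")
        print("    objects:", ", ".join(sorted(g["names"])))
```
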