On Sun, 2006-05-28 at 10:58 +0100, Paul Howarth wrote:
> On Sun, 2006-05-28 at 12:43 +0300, Jouni Viikari wrote:
> > I have the same problem:
> >
> > type=AVC msg=audit(1148808793.986:30189): avc: denied { execute } for
> > pid=18644 comm="httpd" name="bash" dev=dm-0 ino=3440979
> > scontext=user_u:system_r:httpd_t:s0
> > tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
> >
> >
> > Not sure which update started it. Script complaining now used to work
> > before on FC5.
> >
> > # getsebool -a | grep http
> > allow_httpd_anon_write --> off
> > allow_httpd_sys_script_anon_write --> off
> > httpd_builtin_scripting --> on
> > httpd_can_network_connect --> on
> > httpd_can_network_connect_db --> off
> > httpd_can_network_relay --> off
> > httpd_disable_trans --> off
> > httpd_enable_cgi --> on
> > httpd_enable_ftp_server --> off
> > httpd_enable_homedirs --> on
> > httpd_ssi_exec --> off
> > httpd_suexec_disable_trans --> off
> > httpd_tty_comm --> off
> > httpd_unified --> off
> >
> > # rpm -qa | grep -i policy
> > selinux-policy-targeted-2.2.40-1.fc5
> > checkpolicy-1.30.3-1.fc5
> > policycoreutils-1.30.8-1.fc5
> > selinux-policy-2.2.40-1.fc5
>
> What's the context of the actual script?
>
> Paul.

It is a php-script doing basically ugly 'system("cat xyz");'

#ls -Z
system_u:object_r:httpd_sys_content_t

This is just a testing_something.php where I happened to notice a change
in a behavior.

Jouni

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
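
Added example, not part of the original thread: a small Python parser for the AVC record quoted in the message above. It tolerates the '>' quoting and line wrapping seen in the mail and reports which domain was denied which permission on which target type and class. The function names and the QUOTED sample are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the AVC record from the thread, still wrapped and '>'-quoted.
QUOTED = """\
> > type=AVC msg=audit(1148808793.986:30189): avc: denied { execute } for
> > pid=18644 comm="httpd" name="bash" dev=dm-0 ino=3440979
> > scontext=user_u:system_r:httpd_t:s0
> > tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
"""

RECORD = re.compile(r'type=AVC msg=audit\((\d+)\.(\d+):(\d+)\): avc:\s+(denied|granted)'
                    r'\s+\{([^}]*)\}\s+for\s+(.*?tclass=\S+)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Strip mail quote markers and re-join a record wrapped across lines."""
    lines = (re.sub(r'^(\s*>)+\s?', '', ln).strip() for ln in text.splitlines())
    return ' '.join(ln for ln in lines if ln)

def split_context(ctx):
    """user:role:type[:level]; the MLS level may itself contain ':'."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError('malformed security context: %r' % ctx)
    return dict(zip(('user', 'role', 'type', 'level'), parts + [None]))

def parse_avc(text):
    """Return the first AVC record in text as a dict, or None if there is none."""
    m = RECORD.search(unwrap(text))
    if m is None:
        return None
    secs, msecs, serial, result, perms, rest = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    when = datetime.fromtimestamp(int(secs), timezone.utc) + timedelta(milliseconds=int(msecs))
    return {'time_utc': when.isoformat(), 'serial': int(serial), 'result': result,
            'perms': perms.split(),
            'source': split_context(fields['scontext']),
            'target': split_context(fields['tcontext']),
            'tclass': fields['tclass'],
            'comm': fields.get('comm'), 'name': fields.get('name')}

def summarize(rec):
    """One line: which domain was denied which permission on which type and class."""
    return '%s %s -> %s:%s { %s } (comm=%s name=%s)' % (
        rec['result'], rec['source']['type'], rec['target']['type'],
        rec['tclass'], ' '.join(rec['perms']), rec['comm'], rec['name'])

if __name__ == '__main__':
    print(summarize(parse_avc(QUOTED)))
```

The summary names the process domain (httpd_t) and the label of the file it tried to execute (shell_exec_t), which is the pair the denial is about; the label of the PHP script itself does not appear in the record.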