Re: httpd can't execute bash?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2006-05-28 at 10:58 +0100, Paul Howarth wrote:
> On Sun, 2006-05-28 at 12:43 +0300, Jouni Viikari wrote:
> > I have the same problem:
> > 
> > type=AVC msg=audit(1148808793.986:30189): avc:  denied  { execute } for
> > pid=18644 comm="httpd" name="bash" dev=dm-0 ino=3440979
> > scontext=user_u:system_r:httpd_t:s0
> > tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
> > 
> > 
> > Not sure which update started it.  Script complaining now used to work
> > before on FC5.
> > 
> > # getsebool -a | grep http
> > allow_httpd_anon_write --> off
> > allow_httpd_sys_script_anon_write --> off
> > httpd_builtin_scripting --> on
> > httpd_can_network_connect --> on
> > httpd_can_network_connect_db --> off
> > httpd_can_network_relay --> off
> > httpd_disable_trans --> off
> > httpd_enable_cgi --> on
> > httpd_enable_ftp_server --> off
> > httpd_enable_homedirs --> on
> > httpd_ssi_exec --> off
> > httpd_suexec_disable_trans --> off
> > httpd_tty_comm --> off
> > httpd_unified --> off
> > 
> > # rpm -qa | grep -i policy
> > selinux-policy-targeted-2.2.40-1.fc5
> > checkpolicy-1.30.3-1.fc5
> > policycoreutils-1.30.8-1.fc5
> > selinux-policy-2.2.40-1.fc5
> 
> What's the context of the actual script?
> 
> Paul.

It is a php-script doing basically ugly 'system("cat xyz");'

#ls -Z
system_u:object_r:httpd_sys_content_t

This is just a testing_something.php where I happened to notice a change
in a behavior.

Jouni


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux