Re: httpd can't execute bash?


 



Jouni Viikari wrote:
On Tue, 6 Jun 2006, James Antill wrote:

On Mon, 2006-05-29 at 19:47 +0300, Jouni Viikari wrote:
On Sun, 2006-05-28 at 10:58 +0100, Paul Howarth wrote:
On Sun, 2006-05-28 at 12:43 +0300, Jouni Viikari wrote:
I have the same problem:

type=AVC msg=audit(1148808793.986:30189): avc: denied { execute } for
pid=18644 comm="httpd" name="bash" dev=dm-0 ino=3440979
scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
[...]
It is a php-script doing basically ugly 'system("cat xyz");'

#ls -Z
system_u:object_r:httpd_sys_content_t

This is just a testing_something.php where I happened to notice a change
in a behavior.

See "man httpd_selinux" ... summary is you need at least:

chcon -t httpd_sys_exec_t

Yeah, I thought the context might not be right.  Anyway the behaviour
has changed.

However, there seems not to be httpd_sys_exec_t (trying above gives
"Invalid argument").  If I try httpd_sys_script_exec_t it does not work
either.

Biggest problem I just found out is that I can not send mail any more from
SquirrelMail (standard FC5 package):


type=AVC msg=audit(1149674474.840:81196): avc:  denied  { execute } for
pid=20207 comm="httpd" name="bash" dev=dm-0 ino=3440979
scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0
tclass=file

setsebool httpd_ssi_exec=1

should turn this on

-Jouni


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
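
Added example, not part of any poster's message: a Python parser that rejoins the line-wrapped AVC records quoted in this thread and tallies them by source type, target type, class and permission, showing that both reports are the same denial (httpd_t executing a shell_exec_t file). The function names are hypothetical; the sample text is the two records as quoted above.

```python
import re
from collections import Counter

# The two denials quoted in the thread, still line-wrapped as in the mail.
SAMPLE = """\
type=AVC msg=audit(1148808793.986:30189): avc: denied { execute } for
pid=18644 comm="httpd" name="bash" dev=dm-0 ino=3440979
scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
type=AVC msg=audit(1149674474.840:81196): avc:  denied  { execute } for
pid=20207 comm="httpd" name="bash" dev=dm-0 ino=3440979
scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0
tclass=file
"""

HEADER = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Rejoin wrapped records; each audit record starts a line with 'type='."""
    parts = re.split(r"(?m)^(?=type=)", text)
    return [" ".join(p.split()) for p in parts if p.strip()]

def parse_avc(record):
    """Return the fields of one AVC denial, or None for any other record."""
    m = HEADER.search(record)
    if m is None:
        return None
    f = {k: v.strip('"') for k, v in FIELD.findall(record[m.end():])}
    if not {"scontext", "tcontext", "tclass"} <= f.keys():
        return None  # truncated record: do not guess the missing fields
    # A context is user:role:type[:level]; the type is the third component.
    return {
        "perms": m["perms"].split(),
        "comm": f.get("comm"),
        "name": f.get("name"),
        "source_type": f["scontext"].split(":")[2],
        "target_type": f["tcontext"].split(":")[2],
        "tclass": f["tclass"],
    }

def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for d in filter(None, map(parse_avc, unwrap(text))):
        for perm in d["perms"]:
            counts[(d["source_type"], d["target_type"], d["tclass"], perm)] += 1
    return counts
```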
