> Jouni Viikari wrote: >> On Tue, 6 Jun 2006, James Antill wrote: >> >>> On Mon, 2006-05-29 at 19:47 +0300, Jouni Viikari wrote: >>>> On Sun, 2006-05-28 at 10:58 +0100, Paul Howarth wrote: >>>>> On Sun, 2006-05-28 at 12:43 +0300, Jouni Viikari wrote: >>>>>> I have the same problem: >>>>>> >>>>>> type=AVC msg=audit(1148808793.986:30189): avc: denied { execute >>>>>> } for >>>>>> pid=18644 comm="httpd" name="bash" dev=dm-0 ino=3440979 >>>>>> scontext=user_u:system_r:httpd_t:s0 >>>>>> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file >>> [...] >>>> It is a php-script doing basically ugly 'system("cat xyz");' >>>> >>>> #ls -Z >>>> system_u:object_r:httpd_sys_content_t >>>> >>>> This is just a testing_something.php where I happened to notice a >>>> change >>>> in a behavior. >>> >>> See "man httpd_selinux" ... summary is you need at least: >>> >>> chcon -t httpd_sys_exec_t >> >> Yeah, I thought the context might not be rigth. Anyway the behaviour >> has changed. >> >> However, there seems not to be httpd_sys_exec_t (trying above gives >> "Invalid argument"). If I try httpd_sys_script_exec_t it does not work >> either. >> >> Biggest problem I just found out is that I can not send mail any more >> from >> SquirrelMail (standard FC5 package): >> >> >> type=AVC msg=audit(1149674474.840:81196): avc: denied { execute } for >> pid=20207 comm="httpd" name="bash" dev=dm-0 ino=3440979 >> scontext=user_u:system_r:httpd_t:s0 >> tcontext=system_u:object_r:shell_exec_t:s0 >> tclass=file >> > setsebool httpd_ssi_exec=1 > > should turn this on Confirm. This made things work again (just like before). Thank you. -Jouni -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list