Hi, I have a CGI script with the following permissions: -rwxr-xr-x root root root:object_r:httpd_unconfined_script_exec_t mpver.cgi This script is internally invoking "sudo". Sudo itself is a wrapper for -rwxr-xr-x root root system_u:object_r:shell_exec_t /usr/sbin/sesh This invocation fails, however: Jul 17 20:51:35 fibudbserver kernel: audit(1153162295.966:6): avc: denied { transition } for pid=20441 comm="sudo" name="sesh" dev=sda1 ino=235570 scontext=user_u:system_r:httpd_unconfined_script_t tcontext=root:system_r:unconfined_t tclass=process What do I need to change? Regards, Jochen -- Whenever you find yourself on the side of the majority, it is time to pause and reflect. (Mark Twain) -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list