Hi, I'm currently preparing an update for mod_suphp in FE. suphp works similar to suexec for the apache httpd, only that it is designed with php scripts in mind. The execution works similar to suexec: A php-script on the webserver is accessed, for which the mod_suphp module is configured. The modules executes /usr/sbin/suphp, which drops privileges to the user owning the file and executes the php-cgi binary, feeding the generated content back to the server. I want this to work with the targeted selinux policy. Right now, the httpd error log shows: [Sat Sep 09 06:05:36 2006] [error] [client 127.0.0.1] (13)Permission denied: couldn't create child process: /usr/sbin/suphp for /home/andreas/public_html/test.php I tried relabeling the suphp binary with httpd_suexec_exec_t but this doesn't seem to help at all. Strangely, I'm not seeing anything related in the audit.log. A helpful user added a preliminary selinux policy to bugzilla for mod_suphp. <https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=135912> It'd be great, if someone knowledgable could take a look at it and comment. bye, andreas -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
