Hi folks - I have migrated a dedicated server from "FC4" (a very strange FC4 with lilo, xfs-formatted partitions, no selinux, and a Debian kernel) provided by a 1&1 to F7 with only one outstanding minor selinux problem. (The adventures of converting it are documented at http://warmcat.com/_wp/?p=35 if anyone is interested). gitweb no longer works properly with selinux in targeted/enforcing mode. Sep 5 13:23:37 warmcat kernel: audit(1188995017.593:84): avc: denied { read } for pid=3649 comm="gitweb.cgi" name="cgi-bin" dev=md7 ino=5079272 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=dir dev=md7 is /var, it seems the inode in question is /var/www/cgi-bin # ll -Zd /var/www/cgi-bin drwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t /var/www/cgi-bin # ll -Z /var/www/cgi-bin -rw-r--r-- root apache system_u:object_r:httpd_sys_content_t git-favicon.png -rw-r--r-- root apache system_u:object_r:httpd_sys_content_t git-logo.png drwxr-xr-x root apache system_u:object_r:httpd_sys_script_exec_t gitweb -rwxr-xr-x root apache system_u:object_r:httpd_sys_script_exec_t gitweb.cgi -rw-r--r-- root apache system_u:object_r:httpd_sys_content_t gitweb.css -rwxr-xr-x root apache system_u:object_r:httpd_sys_script_exec_t gitweb_defaults.pl -rwxr-xr-x root apache system_u:object_r:httpd_sys_script_exec_t gitweb.perl -rw-r--r-- root apache system_u:object_r:httpd_sys_script_exec_t projects.list Does anyone have any advice about the right way to resolve this? -Andy -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
