> You have two problems. > > #============= httpd_sys_script_t ============== > allow httpd_sys_script_t mnt_t:dir search; > > You need to load a custom policy to allow you cgi scripts to read > through the /mnt directory > > allow httpd_sys_script_t var_t:dir getattr; > > This one does not make sense this rule should be allowed in all default > policies? What policy are you running. Apache scripts should be able > to search/getattr on var_t in order to use /var/www/ > > Neither of these avc's are much of a security risk to allow. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAkjsm2cACgkQrlYvE4MpobMIFQCg4SenCLanOIaIIc0m5ozndTR5 > HX4An26oG117iKH1aqsETEWJw9CrfiUf > =cY7A > -----END PGP SIGNATURE----- > My policy version is 18, the package: 1.17.30-2.150.el4 I will try with a custom policy thus, I'll tell you if i face further issues. Thanks a lot, Fab -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
