-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bruno Wolff III wrote: > On Mon, Nov 17, 2008 at 09:33:50 -0500, > Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: >> Bruno Wolff III wrote: >>> I was making a modified version of the guest policy that needed to be able >>> to edit and run some perl scripts that also are visible to the web server. >>> I used the manage_files macro and allowed execute, but I can't run the >>> script directly. But I can run it via perl. >>> >>> For example: >>> >>> [tomarndt@wolff area]$ ./newcheck.pl >>> -bash: ./newcheck.pl: /usr/bin/perl: bad interpreter: Permission denied >> getsebool -a | grep xgues >> allow_xguest_exec_content --> off >> >> xguest is not allowed by default to execute anything in its home dir. >> Turning on this boolean should allow it. > > I tried this and it didn't work. I think there is something else going on > though, as I got a different error before I added: > allow tom_t httpd_sys_script_exec_t:file execute; > I think that running a shell script needs something else, but I don't know > what. > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list Yes you are right. I did not read your message fully. You are trying to execute an apache script, http_sys_script_exec_t, which is not allowed without the rule you added. If you change the label to http_user_script_exec_t it should be able to execute. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkkhjyEACgkQrlYvE4MpobNIlwCfZAVy2T//eSdXTmCpfqrIFTAx O9oAoIBT0+htYNSfQO1H33ruU/rQ0qqc =qOHN -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
