Greetings all, I've set up a simple apache webserver with cgi-script executing python code on RHEL6. With selinux disabled, the script returns output fine to a browser but with selinux enforced I receive a 500 Internal Server error and permission denied in ssl_error_log with nothing logged to audit.log even though don't audit rules is disabled. audit2allow -a -l is clean as well. I am able to successfully execute the script on the command line under apache's context httpd_t, so it's only when returning the content to the browser that the 500 Internal Server error occurs. Anyone have any idea to help troubleshoot? Pertinent information below, any help is greatly appreciated. Thanks in advance, >> ssl_error_log when accessing through the browser: [Tue Apr 10 09:37:43 2012] [error] (13)Permission denied: exec of '/var/www/cgi-bin/index.py' failed [Tue Apr 10 09:37:43 2012] [error] Premature end of script headers: index.py >> Apache is running under context httpd_t: # /bin/ps axZ | grep http unconfined_u:system_r:httpd_t:s0 12716 ? Ss 0:00 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 12719 ? S 0:00 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 12720 ? S 0:00 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 12721 ? S 0:00 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 12722 ? S 0:00 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 12723 ? S 0:00 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 12724 ? S 0:00 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 12725 ? S 0:00 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 12726 ? S 0:00 /usr/sbin/httpd >> Able to execute the script successfully under apache with context httpd_t: # sudo -u apache -t httpd_t ./index.py Content-Type: text/plain;charset=utf-8 Hello World! >> sebool's have at least httpd_enable_cgi: # getsebool -a | grep http | grep "\-\-> on" httpd_builtin_scripting --> on httpd_dbus_avahi --> on httpd_enable_cgi --> on httpd_execmem --> on httpd_tty_comm --> on httpd_unified --> on >> All contexts, importantly httpd_sys_script_exec_t for cgi-bin and index.py within: # ls -lZd /var/www/ drwxr-xr-x. root apache system_u:object_r:httpd_sys_content_t:s0 /var/www/ # ls -lZd /var/www/* drwxr-xr-x. root apache system_u:object_r:httpd_sys_script_exec_t:s0 /var/www/cgi-bin drwxr-xr-x. root apache system_u:object_r:httpd_sys_content_t:s0 /var/www/html # ls -lZd /var/www/cgi-bin/* -rwxr-xr-x. root apache system_u:object_r:httpd_sys_script_exec_t:s0 /var/www/cgi-bin/index.py -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
