On 06/15/2018 12:13 PM, Paul Howarth wrote: > On Thu, 14 Jun 2018 14:21:26 -0400 > m.roth@xxxxxxxxx wrote: > >> Jason L Tibbitts III wrote: >>> Not sure if you realize, but you didn't actually include any >>> information about the denial you are receiving. It's kind of tough >>> to guess at what it might be. >> >> SELinux is preventing Count.cgi from write access on the file... >> Source Context system_u:system_r:httpd_sys_script_t:s0 >> Target Context >> unconfined_u:object_r:httpd_sys_script_exec_t:s0 >> Policy RPM selinux-policy-3.13.1-192.el7_5.3.noarch >> Raw Audit Messages >> type=AVC msg=audit(1528998541.365:53668): avc: denied { write } for >> pid= <snip> scontext=system_u:system_r:httpd_sys_script_t:s0 >> tcontext=unconfined_u:object_r:httpd_sys_script_exec_t:s0 tclass=file >> >> Better? > > The file you want to write to should probably be > httpd_sys_rw_content_t rather than httpd_sys_script_exec_t. > Agree with Paul, however should be file you want to write be executed as cgi-bin script? Lukas. > Paul. > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx/message/JHEGQQVA65EHGZGO53ZJZRDRQYCAW2AZ/ > -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx/message/WF6W7B337L6ZZBG5UIHJHAYZ72JTWZF5/