On 06/15/2018 12:13 PM, Paul Howarth wrote:
> On Thu, 14 Jun 2018 14:21:26 -0400
> m.roth@xxxxxxxxx wrote:
>
>> Jason L Tibbitts III wrote:
>>> Not sure if you realize, but you didn't actually include any
>>> information about the denial you are receiving. It's kind of tough
>>> to guess at what it might be.
>>
>> SELinux is preventing Count.cgi from write access on the file...
>> Source Context system_u:system_r:httpd_sys_script_t:s0
>> Target Context
>> unconfined_u:object_r:httpd_sys_script_exec_t:s0
>> Policy RPM selinux-policy-3.13.1-192.el7_5.3.noarch
>> Raw Audit Messages
>> type=AVC msg=audit(1528998541.365:53668): avc: denied { write } for
>> pid= <snip> scontext=system_u:system_r:httpd_sys_script_t:s0
>> tcontext=unconfined_u:object_r:httpd_sys_script_exec_t:s0 tclass=file
>>
>> Better?
>
> The file you want to write to should probably be
> httpd_sys_rw_content_t rather than httpd_sys_script_exec_t.
>
Agree with Paul, however should be file you want to write be executed as
cgi-bin script?
Lukas.
> Paul.
> _______________________________________________
> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx/message/JHEGQQVA65EHGZGO53ZJZRDRQYCAW2AZ/
>
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx/message/WF6W7B337L6ZZBG5UIHJHAYZ72JTWZF5/
