search for: httpd_disable_tran

...d on for the first time: # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: targeted I can #setsebool -P httpd_disable_trans on and httpd starts - but there's zero enforcing now as I understand it. Further digging & I get to: # cat /var/log/audit/audit.log | audit2allow -m local module local 1.0; require { type portmap_t; type httpd_t; type file_t; class lnk_file read;...

...dev=dm-0 ino=520402 scontext=root:system_r:httpd_suexec_t tcontext=system_u:object_r:usr_t tclass=lnk_file %-------------------------- This is independent of the script being perl or sh, and despite the errors the cgi executes correctly. 'sestatus' reports: httpd_builtin_scripting active httpd_disable_trans inactive httpd_enable_cgi active httpd_enable_homedirs inactive httpd_ssi_exec inactive httpd_tty_comm inactive httpd_unified inactive Either httpd_ssi_exec or httpd_unified have made no difference in those errors. When I deactivate mod_suexec and comment...

SELinux appears to be interfering with winbind's functionality. I have the lastest policy package installed: selinux-policy-targeted-1.17.30-2.149 which allegedly solves this problem according to the RedHat knowledge base, but clearly does not. I have to turn off SELinux by using setenforce 0 (permissive) to get winbind to work at all, and based on what I see in the log files,

...kka_script_anon_write --> off allow_httpd_squid_script_anon_write --> off allow_httpd_sys_script_anon_write --> off httpd_builtin_scripting --> on httpd_can_network_connect --> off httpd_can_network_connect_db --> off httpd_can_network_relay --> off httpd_can_sendmail --> on httpd_disable_trans --> off httpd_enable_cgi --> on httpd_enable_ftp_server --> off httpd_enable_homedirs --> on httpd_read_user_content --> off httpd_rotatelogs_disable_trans --> off httpd_ssi_exec --> off httpd_suexec_disable_trans --> off httpd_tty_comm --> on httpd_unified --> on htt...