Displaying 5 results from an estimated 5 matches for "httpd_sys_script_exec_t".
2011 Jan 17
1
SELinux : semodule_package, magic number does not match
Hello,
I am trying to create a custom policy, but with no succes :
$ cat <<EOF> foo.te
module local 1.0;
require {
type httpd_sys_script_exec_t;
type httpd_sys_script_t;
class lnk_file read;
}
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read;
EOF
$ checkmodule -M -m -o foo.mod foo.te
checkmodule: loading policy configuration from foo.te
checkmodule: policy c...
2017 Sep 04
5
selinux denial of cgi script with httpd using ssl
Thanks for your help.
I did pick up an additional entry in the audit file :
type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for
pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0"
ino=537182029 scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
Unfortunately, I am not sure how the
2017 Sep 04
0
selinux denial of cgi script with httpd using ssl
...rom above log entry you see that the file object denied to execute
('/var/www/cgi-bin/name.of.script.cgi) has the SELinux context type
httpd_sys_content_t.
# semanage fcontext -l | grep '/var/www/cgi-bin'
/var/www/cgi-bin(/.*)? all files
system_u:object_r:httpd_sys_script_exec_t:s0
[ ... ]
The permitted type is httpd_sys_script_exec_t.
`restorecon -Rv /var/www/cgi-bin/' can fix it. Or more targeted `chcon
-t httpd_sys_script_exec_t /var/www/cgi-bin/name.of.script.cgi'.
Both audit2why and audit2allow suggest to activate a boolean which you
may not want to set a...
2008 Sep 22
2
Getting perl CGI programs to work on CentOS 5 server
I'm trying to get perl CGI programs to work from the cgi-bin (actually a
sub-directory cgi-bin/various) and have set appropriate permissions
using chmod 755. I'm currently testing using the simplest cgi program,
you know the one:
#!/usr/bin/perl
# howdy--the easiest of CGI programs
use CGI;
print <<END_of_Multiline_Text;
Content-type: text/html
<HTML>
<HEAD>
2015 Mar 05
1
SELinux kills Cassandra based website
Hi Jeremy,
An easy way to start troubleshooting these is to look at the audit logs and
> see what SELInux is blocking. You have /McFrazier in the email.. if that's
> off the root tree than unless you've set permissions to allow httpd to look
> at tat folder, I bet that's one problem.
> if you run ls -Z you can see the labels that are present on those folders,
> that