perl/cgi script problem

Arthur Stephens astephens at ptera.net
Mon Dec 6 18:49:13 UTC 2004


Then I replaced the filecontents with the filecontents.rpmnew
and policy.8 with policy.8.rpm new
and now I get theses messages...

Dec  6 13:19:21 webmail kernel: audit(1102367961.429:0): avc:  denied  {
unlink } for  pid=1959 exe=/usr/sbin/httpd name=ssl_mutex.1959 dev=dm-0
ino=229025 scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t
tclass=file
Dec  6 13:19:22 webmail httpd: httpd startup succeeded
Dec  6 13:19:22 webmail kernel: audit(1102367962.716:0): avc:  denied  {
unlink } for  pid=1960 exe=/usr/sbin/httpd name=ssl_mutex.1959 dev=dm-0
ino=229025 scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t
tclass=file

But httpd is not running because
service httpd status yields..
httpd dead but subsys locked

: (

Arthur Stephens
Sales Technician
Ptera Wireless Internet
astephens at ptera.net
509-927-Ptera

----- Original Message ----- 
From: "Arthur Stephens" <astephens at ptera.net>
To: "Fedora SELinux support list for users & developers."
<fedora-selinux-list at redhat.com>
Sent: Monday, December 06, 2004 10:19 AM
Subject: Re: perl/cgi script problem


> Ok so I did this upgrade but there must be something else I need to do
> because I still have the same errors
>
> Arthur Stephens
> Sales Technician
> Ptera Wireless Internet
> astephens at ptera.net
> 509-927-Ptera
>
> ----- Original Message ----- 
> From: "Daniel J Walsh" <dwalsh at redhat.com>
> To: "Fedora SELinux support list for users & developers."
> <fedora-selinux-list at redhat.com>
> Sent: Friday, December 03, 2004 11:34 AM
> Subject: Re: perl/cgi script problem
>
>
> > Arthur Stephens wrote:
> >
> > > Ok I thought I had this SELinux thing figured out atleast a little.
> > > Finally got httpd to startup.
> > > But now I have perl/cgi script problems.
> > > When trying to access my Genesis WebAuthoring System the script works
> > > in the /cgi-bin/genesis/ directory displaying the login screen
> > > but when I go to log in I get this error message.
> > > **
> > > *Error:* could not write to file
> > >
'/var/www/pteraweb/cgi-bin/genesis/script_data/accounts/.webauth_tokens'
> > > - Permission denied - Permission denied
> > >
> > > Plus these on the console
> > > Dec  2 21:04:37 webmail kernel: audit(1102050277.791:0): avc:  denied
> > > { search } for  pid=2359 exe=/usr/bin/perl name=sys dev=proc
> > > ino=-268435431 scontext=root:system_r:httpd_sys_script_t
> > > tcontext=system_u:object_r:sysctl_t tclass=dir
> > > Dec  2 21:04:54 webmail kernel: audit(1102050294.906:0): avc:  denied
> > > { search } for  pid=2360 exe=/usr/bin/perl
> > > scontext=root:system_r:httpd_sys_script_t
> > > tcontext=system_u:object_r:sysctl_kernel_t tclass=dir
> > > Dec  2 21:04:54 webmail kernel: audit(1102050294.906:0): avc:  denied
> > > { search } for  pid=2360 exe=/usr/bin/perl name=sys dev=proc
> > > ino=-268435431 scontext=root:system_r:httpd_sys_script_t
> > > tcontext=system_u:object_r:sysctl_t tclass=dir
> > > Dec  2 21:04:55 webmail kernel: audit(1102050295.132:0): avc:  denied
> > > { write } for  pid=2360 exe=/usr/bin/perl name=.webauth_tokens
> > > dev=dm-0 ino=228251 scontext=root:system_r:httpd_sys_script_t
> > > tcontext=system_u:object_r:httpd_sys_content_t tclass=file
> > > Oh I know what this means so I added this to my custom.fc
> > > /var/www/.*/cgi-bin(/.*)? system-u:object_r:httpd_sys_script_exec_t
> > >
> > > which is what I saw in file_contexts for /var/www/cgi-bin
> > >
> > > make load
> > > fixfiles relabel
> > >
> > > The log shows it relabled everything.
> > > But now I get...
> > >
> > > Dec  3 13:42:38 webmail kernel: audit(1102110158.398:0): avc:  denied
> > > { search } for  pid=1873 exe=/usr/bin/perl name=sys dev=proc
> > > ino=-268435431 scontext=user_u:system_r:httpd_sys_script_t
> > > tcontext=system_u:object_r:sysctl_t tclass=dir
> > > Dec  3 13:42:47 webmail kernel: audit(1102110167.739:0): avc:  denied
> > > { search } for  pid=1874 exe=/usr/bin/perl
> > > scontext=user_u:system_r:httpd_sys_script_t
> > > tcontext=system_u:object_r:sysctl_kernel_t tclass=dir
> > > Dec  3 13:42:47 webmail kernel: audit(1102110167.740:0): avc:  denied
> > > { search } for  pid=1874 exe=/usr/bin/perl name=sys dev=proc
> > > ino=-268435431 scontext=user_u:system_r:httpd_sys_script_t
> > > tcontext=system_u:object_r:sysctl_t tclass=dir
> > > Dec  3 13:42:47 webmail kernel: audit(1102110167.964:0): avc:  denied
> > > { write } for  pid=1874 exe=/usr/bin/perl name=.webauth_tokens
> > > dev=dm-0 ino=228251 scontext=user_u:system_r:httpd_sys_script_t
> > > tcontext=system_u:object_r:httpd_sys_script_exec_t tclass=file
> > > So I ran out of what I know to do or maybe I messed things up.
> > >
> > >
> > > Arthur Stephens
> > > Sales Technician
> > > Ptera Wireless Internet
> > > astephens at ptera.net <mailto:astephens at ptera.net>
> > > 509-927-Ptera
> > >
> >
>------------------------------------------------------------------------
> > >
> > >--
> > >fedora-selinux-list mailing list
> > >fedora-selinux-list at redhat.com
> > >http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > >
> > We have placed an update to the SELinux policy that should fix this
> problem.
> > I am not sure it has made it into Fedora-Updates yet.  The latest policy
> > is available at
> >
> > ftp://people.redhat.com/dwalsh/SELinux/FC3
> >
> > Dan
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list




More information about the fedora-selinux-list mailing list