cgiirc

Daniel J Walsh dwalsh at redhat.com
Mon Aug 29 17:09:33 UTC 2005 

Eric Tanguy wrote:

>Le jeudi 18 août 2005 à 10:42 +0200, Eric Tanguy a écrit :
>  
>
>>I try to make cgiirc working on my system. Apache works fine and selinux
>>Allow HTTPD scripts to connect to the network is enable. So i can cgiirc
>>to connect to an irc server. I can see what is said on the channel but i
>>can't make any action. If i disable selinux all works fine. If i enable
>>selinux i have this in /var/log/audit/audit.log : 
>>type=AVC msg=audit(1124298167.251:3778508): avc:  denied  { read } for
>>pid=3907 comm="irc.cgi" name="formats" dev=dm-0 ino=8323109
>>scontext=system_u:system_r:httpd_sys_script_t
>>tcontext=system_u:object_r:httpd_sys_script_exec_t tclass=dir
>>type=SYSCALL msg=audit(1124298167.251:3778508): arch=40000003 syscall=5
>>success=no exit=-13 a0=94586b8 a1=18800 a2=94586b8 a3=9430fe0 items=1
>>pid=3907 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
>>sgid=48 fsgid=48 comm="irc.cgi" exe="/usr/bin/perl"
>>type=CWD msg=audit(1124298167.251:3778508):
>>cwd="/var/www/cgi-bin/cgiirc"
>>type=PATH msg=audit(1124298167.251:3778508): item=0 name="formats"
>>flags=103  inode=8323109 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
>>type=AVC msg=audit(1124298171.144:3812320): avc:  denied  { connectto }
>>for  pid=3922 comm="client-perl.cgi" name="sock"
>>scontext=system_u:system_r:httpd_sys_script_t
>>tcontext=system_u:system_r:httpd_sys_script_t tclass=unix_stream_socket
>>type=SYSCALL msg=audit(1124298171.144:3812320): arch=40000003
>>syscall=102 success=no exit=-13 a0=3 a1=bfc86690 a2=45b3bc0 a3=6e
>>items=1 pid=3922 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48
>>egid=48 sgid=48 fsgid=48 comm="client-perl.cgi" exe="/usr/bin/perl"
>>type=AVC_PATH msg=audit(1124298171.144:3812320):
>>path="/tmp/cgiirc-0coinr388dt/sock"
>>type=SOCKADDR msg=audit(1124298171.144:3812320):
>>saddr=01002F746D702F6367696972632D30636F696E7233383864742F736F636B0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
>>
>>But it's very difficult to understand where is the problem.
>>Someone could help me?
>>Thanks
>>
>>    
>>
>
>Noone could help me with this problem ?
>
>  
>
Are you running the latest policy.  Both of these problems are fixed in it.

>--
>Eric Tanguy | Nantes, France 
><eric.tanguy at univ-nantes.fr>
>Key : A4B8368F | Key Server : subkeys.pgp.net 
>Fedora Core release 4 (Stentz) sur athlon kernel 2.6.12-1.1398_FC4
>
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>  
>


--

More information about the fedora-selinux-list mailing list