CGI and Selinux

Nair, Murlidharan T mnair at iusb.edu
Fri Sep 29 16:38:02 UTC 2006 

 

________________________________

From: redhat-install-list-bounces at redhat.com on behalf of Stuart Sears
Sent: Fri 9/29/2006 6:16 AM
To: Getting started with Red Hat Linux
Subject: Re: CGI and Selinux



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nair, Murlidharan T wrote:
> I am trying to get my cgi to work on my server but for some reason,
> which I feel may be associated with some setting with selinux,
> it fails to run.
> I did the following
> 
> chcon -h -t httpd_sys_script_exec_t  /mnt/webservice/splicecgi-bin

And what are the error messages that tell you that this is
SELinux-related? (you could well be correct)

Pasting an example would help.
Look for messages containing 'avc' and 'http' in /var/log/messages
or possibly /var/log/audit/audit.log (only if you are running auditd)

What are the httpd error messages when you try to access a CGI script?

Have you enabled the cgi boolean for httpd?

# setsebool -P httpd_enable_cgi=1

what is the context on
/mnt/webservice
and its subdirectories?

# ls -Zd mnt/webservice/splicecgi-bin
# ls -Zd /mnt/webservice/splicehtml


does normal http service work for those virtualhosts?

<snip>
> Here is what my httpd.cnf looks like since it is a virtual host.
> Thanks ../Murli

I have set the http_enable_cgi=1 

[root at bioinformatics ~]# ls -Zd /mnt/webservice/splicecgi-bin/
drwxrwxrwx  root     root     system_u:object_r:httpd_sys_script_exec_t /mnt/webservice/splicecgi-bin/
[root at bioinformatics ~]# ls -Zd /mnt/webservice/splicehtml/
drwxrwxrwx  root     root     system_u:object_r:httpd_sys_content_t /mnt/webservice/splicehtml/


Here is the last couple of lines from /var/log/messages

Sep 29 12:07:50 bioinformatics kernel: audit(1159546070.572:41083): avc:  denied  { search } for  pid=9516 comm="tes
t_code.cgi" name="mnt" dev=sda5 ino=98305 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:mnt_t
 tclass=dir
Sep 29 12:09:23 bioinformatics kernel: drivers/usb/input/hid-core.c: input irq status -84 received

Thanks for your help.

Cheers ../murli

 

 

 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 4964 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-install-list/attachments/20060929/12548f74/attachment.bin>

More information about the Redhat-install-list mailing list