Tim wrote:
James Wilkinson:
I've got /tmp mounted nodev,noexec (and should probably mount /var the
same way).
Well, I've found my first problem: Mounting /var with "noexec" means
that CGI scripts won't run for the web server. Took me a few minutes of
headscratching to realise what had gone wrong, as is the way when the
problem happens some time after a change. I've temporarily removed
"noexec" while I consider if I should move the /var/www/cgi-bin/
directory out of /var.
That's the approach I took, though if you do this you'll need to make
sure that the new location retains the "httpd_sys_script_exec_t" SELinux
context.
Paul.
