Re: awstats and selinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Lemmons wrote:
<lots of snipped stuff>
> Anyway, when I looked there I saw:
> 
> 
> ...kernel: audit(1146243585.213:27): avc:  denied  { execute } for
> pid=20973 comm="httpd" name="awstats.pl" dev=dm-0 ino=1082675
> scontext=root:system_r:httpd_t 
> tcontext=system_u:object_r:usr_t
so the selinux file context of the awstats perl script is wrong. OR at
least it is set to something (usr_t) that apache (running in the httpd_t
domain) is not permitted to execute.

> tclass=file
what happens if you do
chcon -t httpd_sys_script_exec_t /path/to/awstats.pl

system_u:object_r:httpd_sys_script_exec_t is the standard context for
cgi scripts. httpd_t is allowed to run these.

(you may need to do this for the other awstats scripts as well, if there
are a few)
> 
> 
> I turned off selinux with the "setenforce 0" command and it started
> working. 
> 
> Now, the problem here is that I really do not want to run my production
> server without selinux turned on and was not able to figure out how to
> correct the conflict. Anybody that could offer a pointer in the right
> direction will be my new best friend :)

HTH

Regards

Stuart
- --
Stuart Sears RHCA RHCX
To err is human, to forgive is Not Company Policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFEUoufamPtx1brPQ4RAjLAAJ9xX2iJQhPSngwwSJ0mF8UaPNdC1wCfYdue
c/QrHOLubzX1f5ppPTkL908=
=gK6a
-----END PGP SIGNATURE-----


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux