On 7/27/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
Dan Track wrote:
> On 7/27/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
>> Dan Track wrote:
>> > Hi All
>> >
>> > I'm having trouble running software, especially the cgi scripts. I
>> > keep getting the following denial messages:
>> >
>> > audit(1153994541.663:20): avc: denied { execute_no_trans } for
>> > pid=9258 comm="httpd" name="status.cgi" dev=sda2 ino=19426
>> > scontext=root:system_r:httpd_t tcontext=system_u:object_r:lib_t
>> > tclass=file
>> >
>> > The files are located in /usr/lib/nagios/cgi/
>> >
>> > Could some please help me figure this out. I've started to read
>> > through the selinux manual but its a huge climb and would appreciate
>> > ways to solve the above.
>>
>> You should read "man httpd_selinux", which has notes on running CGI
>> programs under SELinux.
>>
>> You generally need to set the SELinux context type of CGI programs to
>> httpd_sys_script_exec_t:
>>
>> # chcon -R -t httpd_sys_script_exec_t /usr/lib/nagios/cgi
>>
>> Is this the nagios version in Fedora Extras? If it is, failure to work
>> with SELinux enabled should be bugzilla-ed.
>>
>> Paul.
>>
>> --
>> fedora-list mailing list
>> fedora-list@xxxxxxxxxx
>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>
> Hi Paul,
>
> Thanks for the reply. I manged the above before I read you rmessage.
> Thanks for the heads up though. Would you be able to help on the next
> "search" error message.
It's being denied access to search the /var/log directory to see what's
in it.
> Just to add this is a nagios install from source.
Is there some particular reason you're not using the package in Extras,
which *may* have solved these problems already?
Hi Paul
I downloaded the latest version from nagios. I didn't see the latest
version in the repository.
Would you what command to run to fix this problem? I ran audit2allow
and inserted teh rules in local.te, and ran make. I restarted the
httpd, nagios and syslog daemons but still no joy.
Any ideas.
Thanks in advance
Dan
