Hello!

I want to access public_html files from a CGI script, but can't do it:
I got an AVC error while reading the README file from the public_html dir:

-----------------------------------------------------------------------
[root@elc6002s nuald]# tail /var/log/messages | grep setroubleshoot -m 1

Nov 29 13:42:51 elc6002s setroubleshoot: #012 SELinux is preventing the format.cgi from using potentially mislabeled files <Unknown> (unconfined_home_dir_t).#012 For complete SELinux messages. run sealert -l 69519bd7-3e77-46d9-b845-7f066c4515e6
-----------------------------------------------------------------------

I have only one item with the unconfined_home_dir_t type in the path to
the README file:

-----------------------------------------------------------------------
[nuald@elc6002s public_html]$ ls -Z `pwd`/README && pushd . > /dev/null && while [[ `pwd` != '/' ]]; do ls -Zd `pwd` && cd ..; done && popd > /dev/null

-rw-rw-r-- nuald nuald system_u:object_r:httpd_user_content_t:s0 /home/nuald/public_html/README
drwxrwxr-x nuald nuald system_u:object_r:httpd_user_content_t:s0 /home/nuald/public_html
drwx--x--x nuald nuald unconfined_u:object_r:unconfined_home_dir_t:s0 /home/nuald
drwxr-xr-x root root system_u:object_r:home_root_t:s0 /home
-----------------------------------------------------------------------

So, only my home dir has the unconfined_home_dir_t type. But I do not want
to change it to the httpd_sys_content_t type, and I don't like this solution.

The CGI script itself works fine; it has the httpd_user_content_t
type now:

-----------------------------------------------------------------------
[nuald@elc6002s cgi-bin]$ ls -Z `pwd`/format.cgi && pushd . > /dev/null && while [[ `pwd` != '/' ]]; do ls -Zd `pwd` && cd ..; done && popd > /dev/null

-rwxr-xr-x nuald nuald system_u:object_r:httpd_user_content_t:s0 /home/nuald/public_html/cgi-bin/format.cgi
drwxr-xr-x nuald nuald system_u:object_r:httpd_user_content_t:s0 /home/nuald/public_html/cgi-bin
drwxrwxr-x nuald nuald system_u:object_r:httpd_user_content_t:s0 /home/nuald/public_html
drwx--x--x nuald nuald unconfined_u:object_r:unconfined_home_dir_t:s0 /home/nuald
drwxr-xr-x root root system_u:object_r:home_root_t:s0 /home
-----------------------------------------------------------------------

So the script only can't read files in the public_html folder. What is the
right way to fix it?

The script itself is below and is used as
http://localhost/~nuald/cgi-bin/format.cgi?file=README
-----------------------------------------------------------------------
[nuald@elc6002s cgi-bin]$ cat format.cgi

#!/usr/bin/perl -wT

use strict;
use CGI qw/:standard/;
use IO::File;
use File::Spec;
use Cwd 'realpath';

print header;
my $filename = param('file') or die "Can be executed only as CGI";
my $updir = File::Spec->updir();
my $rel_path = File::Spec->catfile($updir, $filename);
my $path = realpath($rel_path) ;
my $file = IO::File->new($path,"<") or die "Can't open file $path";
my $text = join "", <$file>;
$file->close or die "Can't close file";

print $text;
-----------------------------------------------------------------------

Thanks in advance.

--
Best regards, Alex Slesarev.
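
The posted format.cgi passes the `file` parameter through `realpath` and opens the result without checking that it is still under public_html. A containment check for that step follows as an added example that is not part of the original post; `resolve_under` is a hypothetical helper, the temporary directory layout is constructed, and the helper is stricter than the script in that it accepts only a single file name.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd 'realpath';
use File::Spec;
use File::Temp 'tempdir';

# Return the canonical path of $name inside $base_dir, or undef when the name
# is malformed or the resolved path leaves $base_dir (".." or a symlink).
sub resolve_under {
    my ($base_dir, $name) = @_;
    return undef unless defined $name;

    # Allowlist a single file name: no separators, no leading dot. Under -T
    # (as in format.cgi) the capture also untaints the value.
    my ($safe) = $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,254})\z/
        or return undef;

    my $base = realpath($base_dir);
    return undef unless defined $base;
    my $path = realpath(File::Spec->catfile($base, $safe));
    return undef unless defined $path && -f $path;

    # Compare against "$base/" so a sibling such as public_html_old cannot
    # pass as a prefix match for public_html.
    return index($path, "$base/") == 0 ? $path : undef;
}

# Constructed layout: <tmp>/public_html/README, a secret file outside it, and
# a symlink inside public_html that points at the secret.
my $tmp     = tempdir(CLEANUP => 1);
my $docroot = "$tmp/public_html";
mkdir $docroot or die "mkdir: $!";
for my $f ("$docroot/README", "$tmp/secret") {
    open my $fh, '>', $f or die "open $f: $!";
    print {$fh} "data\n";
    close $fh or die "close $f: $!";
}
symlink "$tmp/secret", "$docroot/link" or die "symlink: $!";

for my $name ('README', '../secret', "$tmp/secret", 'link', 'missing') {
    my $p = resolve_under($docroot, $name);
    printf "%-12s => %s\n", $name, defined $p ? 'allowed' : 'rejected';
}
```

Only `README` is allowed; the relative and absolute names fail the allowlist, `link` resolves outside the base directory, and `missing` is not a regular file.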