I'm attempted to use the latest targeted policy under FC3, and while it
generally works well, we're running into some problems when it comes
time to pipe data from PHP into a complex CGI we have. The error we see
is this:
Mar 21 22:17:11 blingbling kernel: audit(1111472231.280:0): avc:
denied { getsched } for pid=405 exe=/var/www/test/cgi-bin/clip
scontext=user_u:system_r:httpd_sys_script_t
tcontext=user_u:system_r:httpd_sys_script_t tclass=process
Apache's error log shows this:
GThread-ERROR **: file gthread-posix.c: line 135 (): error 'Operation
not permitted' during 'pthread_getschedparam (pthread_self(), &policy,
&sched)'aborting...
My CGI does use glib threads; is that a bad thing?
I would like to use SELinux, but there's "like" and "need", and
right
now I need to get this working. So, if there's no quick fix, is there a
way to disable SELinux on just this one CGI, do I have to disable it
for all of apache?