-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/17/2013 03:18 PM, Dominick Grift wrote:
On Thu, 2013-10-17 at 14:13 -0400, m.roth(a)5-cent.us wrote:
> Now that the US gov't is back, and so am I....
>
> I'm trying to fix a server that was rebooted, and obviously a bunch of
> stuff had the wrong context for some reason (I didn't set it up...)
>
> However: semanage fcontext -a -t httpd_sys_script_t
> "/<pathtowebsite>/<website>/cgi-bin/(.*)?" /usr/sbin/semanage:
Type
> httpd_sys_script_t is invalid, must be a file or device type
>
> The same when I try semanage fcontext -a -t httpd_sys_script_t
> "/<pathtowebsite>/<website>/cgi-bin/(.*)?.cgi"
>
> There are subdirectories, and other stuff, and I really want to change
> the context only on what I want. However, that error message is utterly
> and completely useless and meaningless.
>
> So: what do I need to do to fix the contexts?
>
> mark
>
httpd_sys_script_t is a process type, you are not allowed to label files
with process types:
semanage fcontext -a -t httpd_sys_script_exec_t
"/<pathtowebsite>/<website>/cgi-bin/.*\.cgi"
>
> -- selinux mailing list selinux(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/selinux
\
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
You probably want httpd_sys_script_exec_t.
The error message from semanage is actually pretty good.
/usr/sbin/semanage: Type httpd_sys_script_t is invalid, must be a file or
device type
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlJhIbwACgkQrlYvE4MpobOH/QCg45GTjmG3aUTccfIA6/bCtz4C
IdYAn27UeQi/+LtykX/94dk0XQErbEDg
=qyiD
-----END PGP SIGNATURE-----