On 06/15/2018 12:13 PM, Paul Howarth wrote:
On Thu, 14 Jun 2018 14:21:26 -0400
m.roth(a)5-cent.us wrote:
> Jason L Tibbitts III wrote:
>> Not sure if you realize, but you didn't actually include any
>> information about the denial you are receiving. It's kind of tough
>> to guess at what it might be.
>
> SELinux is preventing Count.cgi from write access on the file...
> Source Context system_u:system_r:httpd_sys_script_t:s0
> Target Context
> unconfined_u:object_r:httpd_sys_script_exec_t:s0
> Policy RPM selinux-policy-3.13.1-192.el7_5.3.noarch
> Raw Audit Messages
> type=AVC msg=audit(1528998541.365:53668): avc: denied { write } for
> pid= <snip> scontext=system_u:system_r:httpd_sys_script_t:s0
> tcontext=unconfined_u:object_r:httpd_sys_script_exec_t:s0 tclass=file
>
> Better?
The file you want to write to should probably be
httpd_sys_rw_content_t rather than httpd_sys_script_exec_t.
Agree with Paul, however should be file you want to write be executed as
cgi-bin script?
Lukas.
Paul.
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject...
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.