A cgi issue

Tue Jul 16 14:11:21 UTC 2013

Before I create a local policy, could someone explain to me the reason
that the standard policy (CentOS 6.4,
selinux-policy-3.7.19-195.el6_4.12.noarch,
selinux-policy-targeted-3.7.19-195.el6_4.12.noarch) does not allow a .cgi
script to read a configuration file?

grep ticket2 /var/log/audit/audit.log | audit2allow

#============= httpd_sys_script_t ==============
allow httpd_sys_script_t httpd_config_t:file { read ioctl open getattr };

      mark