targeted policy clashes CGI program under apache
Ben
bench at silentmedia.com
Tue Mar 22 07:13:42 UTC 2005
I'm attempted to use the latest targeted policy under FC3, and while it
generally works well, we're running into some problems when it comes
time to pipe data from PHP into a complex CGI we have. The error we see
is this:
Mar 21 22:17:11 blingbling kernel: audit(1111472231.280:0): avc:
denied { getsched } for pid=405 exe=/var/www/test/cgi-bin/clip
scontext=user_u:system_r:httpd_sys_script_t
tcontext=user_u:system_r:httpd_sys_script_t tclass=process
Apache's error log shows this:
GThread-ERROR **: file gthread-posix.c: line 135 (): error 'Operation
not permitted' during 'pthread_getschedparam (pthread_self(), &policy,
&sched)'aborting...
My CGI does use glib threads; is that a bad thing?
I would like to use SELinux, but there's "like" and "need", and right
now I need to get this working. So, if there's no quick fix, is there a
way to disable SELinux on just this one CGI, do I have to disable it
for all of apache?
More information about the fedora-selinux-list
mailing list