targeted policy clashes CGI program under apache

Christofer C. Bell christofer.c.bell at
Tue Mar 22 08:29:47 UTC 2005

On Mon, 21 Mar 2005 23:13:42 -0800, Ben <bench at> wrote:
> I would like to use SELinux, but there's "like" and "need", and right
> now I need to get this working. So, if there's no quick fix, is there a
> way to disable SELinux on just this one CGI, or do I have to disable it
> for all of apache?

Look into audit2allow(8).  While using this tool to get your CGI
working will remove the same protection on other CGI scripts, you'll
be able to maintain some modicum of SELinux protection other than what
you're turning off to get this working.  Even if your final result is
"less secure" than running the full policy, it will be "more secure"
than disabling SELinux entirely.


"Build a man a fire and he will be warm for the rest of the night.  Set
a man on fire and he will be warm for the rest of his life."  -- Unknown
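
The trade-off described in the reply above, as an added example that is not part of the original post and is not audit2allow's own code: a minimal Python sketch of the core step the tool performs, turning logged AVC denials into allow rules. The log lines are constructed, and the types in them (`httpd_sys_script_t`, `var_t`) and the file names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample AVC denials (not taken from the original post).
SAMPLE_LOG = """\
audit(1111480000.101:0): avc:  denied  { read } for  pid=2101 exe=/usr/bin/perl name=report.db dev=hda2 ino=4411 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=file
audit(1111480000.102:0): avc:  denied  { write } for  pid=2101 exe=/usr/bin/perl name=report.db dev=hda2 ino=4411 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=file
audit(1111480000.103:0): avc:  denied  { search } for  pid=2101 exe=/usr/bin/perl name=data dev=hda2 ino=4400 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=dir
audit(1111480000.104:0): avc:  granted  { getattr } for  pid=2101 exe=/usr/bin/perl name=data dev=hda2 ino=4400 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_t tclass=dir
"""

# Only "denied" records matter; capture permissions, both contexts and the class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type field of a user:role:type[:range] security context."""
    return context.split(":")[2]


def denials_to_rules(log_text):
    """Group denials by (source type, target type, class) and emit allow rules.

    The pid, exe and file name are discarded: the resulting rule is keyed on
    the domain type alone, so every CGI script running in that domain gains
    the permission, not just the one that triggered the denial.
    """
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if match is None:
            continue
        key = (context_type(match["scon"]), context_type(match["tcon"]),
               match["tclass"])
        grouped[key].update(match["perms"].split())
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(grouped.items())
    ]


if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_LOG)))
```

Reading each generated rule before loading it shows exactly which protection is being given up for the whole domain.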

More information about the fedora-selinux-list mailing list