dispatch.fcgi aka fastcgi
Daniel J Walsh
dwalsh at redhat.com
Wed Feb 15 21:31:10 UTC 2006
Craig White wrote:
> trying to work with ruby on rails and apache w/ fastcgi and implementing
> fastcgi has left me with a real problem with all sorts of things...I'm
> thinking that it just might be best to give fastcgi a get out of jail
> free card (how do I do that?)
>
> This was only a click or two...there's no telling how many I can get by
> trying to use the thing (which of course seems pointless since it is
> denying me access to things like my css files so it looks like hell
> too...
>
> Feb 14 01:37:19 srv2 kernel: audit(1139906239.590:47): avc: denied
> { search } for pid=28974 comm="dispatch.fcgi" name="ruby-db" dev=dm-1
> ino=1212642 scontext=root:system_r:htt
> pd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=dir
> Feb 14 01:37:19 srv2 kernel: audit(1139906239.591:48): avc: denied
> { read } for pid=28974 comm="dispatch.fcgi" name="environment.rb"
> dev=dm-1 ino=1212686 scontext=root:system_
> r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=file
> Feb 14 01:37:19 srv2 kernel: audit(1139906239.591:49): avc: denied
> { getattr } for pid=28974 comm="dispatch.fcgi" name="environment.rb"
> dev=dm-1 ino=1212686 scontext=root:syst
> em_r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=file
> Feb 14 01:37:21 srv2 kernel: audit(1139906241.708:50): avc: denied
> { getattr } for pid=28974 comm="dispatch.fcgi" name="models" dev=dm-1
> ino=1212648 scontext=root:system_r:htt
> pd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=dir
> Feb 14 01:37:21 srv2 kernel: audit(1139906241.709:51): avc: denied
> { read } for pid=28974 comm="dispatch.fcgi" name="models" dev=dm-1
> ino=1212648 scontext=root:system_r:httpd_
> sys_script_t tcontext=user_u:object_r:user_home_t tclass=dir
> Feb 14 01:37:21 srv2 kernel: audit(1139906241.727:52): avc: denied
> { append } for pid=28974 comm="dispatch.fcgi" name="production.log"
> dev=dm-1 ino=1212718 scontext=root:syste
> m_r:httpd_sys_script_t tcontext=user_u:object_r:user_home_t tclass=file
> Feb 14 01:37:21 srv2 kernel: audit(1139906241.781:53): avc: denied
> { getattr } for pid=28974 comm="dispatch.fcgi" name="fastcgi.crash.log"
> dev=dm-1 ino=1215942 scontext=root:s
> ystem_r:httpd_sys_script_t tcontext=root:object_r:user_home_t
> tclass=file
> Feb 14 01:37:21 srv2 kernel: audit(1139906241.781:54): avc: denied
> { append } for pid=28974 comm="dispatch.fcgi" name="fastcgi.crash.log"
> dev=dm-1 ino=1215942 scontext=root:sy
> stem_r:httpd_sys_script_t tcontext=root:object_r:user_home_t tclass=file
> Feb 14 01:37:21 srv2 kernel: audit(1139906241.784:55): avc: denied
> { getattr } for pid=28974 comm="dispatch.fcgi"
> name="258e9c185bb365445884d61bf2121a01" scontext=root:system_
> r:httpd_sys_script_t tcontext=root:system_r:httpd_t
> tclass=unix_stream_socket
> Feb 14 01:37:21 srv2 kernel: audit(1139906241.784:56): avc: denied
> { accept } for pid=28974 comm="dispatch.fcgi"
> name="258e9c185bb365445884d61bf2121a01" scontext=root:system_r
> :httpd_sys_script_t tcontext=root:system_r:httpd_t
> tclass=unix_stream_socket
> Feb 14 01:37:22 srv2 kernel: audit(1139906242.315:57): avc: denied
> { shutdown } for pid=28974 comm="dispatch.fcgi"
> name="258e9c185bb365445884d61bf2121a01" scontext=root:system
> _r:httpd_sys_script_t tcontext=root:system_r:httpd_t
> tclass=unix_stream_socket
>
>
You need to label the files/directory that the cgi wants to manipulate
on your homedirs as httpd_sys_script_rw_t
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
More information about the fedora-selinux-list
mailing list