CGI script calling sudo
Jochen Wiedmann
jochen.wiedmann at gmail.com
Mon Jul 17 19:05:00 UTC 2006
Hi,
I have a CGI script with the following permissions:
-rwxr-xr-x root root
root:object_r:httpd_unconfined_script_exec_t mpver.cgi
This script is internally invoking "sudo". Sudo itself is a wrapper for
-rwxr-xr-x root root system_u:object_r:shell_exec_t
/usr/sbin/sesh
This invocation fails, however:
Jul 17 20:51:35 fibudbserver kernel: audit(1153162295.966:6): avc:
denied { transition } for pid=20441 comm="sudo" name="sesh"
dev=sda1 ino=235570 scontext=user_u:system_r:httpd_unconfined_script_t
tcontext=root:system_r:unconfined_t tclass=process
What do I need to change?
Regards,
Jochen
--
Whenever you find yourself on the side of the
majority, it is time to pause and reflect.
(Mark Twain)
More information about the fedora-selinux-list
mailing list