httpd can't execute bash?

Daniel J Walsh dwalsh at redhat.com
Thu Jun 8 18:46:49 UTC 2006


Jouni Viikari wrote:
> On Tue, 6 Jun 2006, James Antill wrote:
>
>> On Mon, 2006-05-29 at 19:47 +0300, Jouni Viikari wrote:
>>> On Sun, 2006-05-28 at 10:58 +0100, Paul Howarth wrote:
>>>> On Sun, 2006-05-28 at 12:43 +0300, Jouni Viikari wrote:
>>>>> I have the same problem:
>>>>>
>>>>> type=AVC msg=audit(1148808793.986:30189): avc:  denied  { execute } for
>>>>> pid=18644 comm="httpd" name="bash" dev=dm-0 ino=3440979
>>>>> scontext=user_u:system_r:httpd_t:s0
>>>>> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
>> [...]
>>> It is a php-script doing basically ugly 'system("cat xyz");'
>>>
>>> #ls -Z
>>> system_u:object_r:httpd_sys_content_t
>>>
>>> This is just a testing_something.php where I happened to notice a change
>>> in a behavior.
>>
>> See "man httpd_selinux" ... summary is you need at least:
>>
>> chcon -t httpd_sys_exec_t
>
> Yeah, I thought the context might not be right.  Anyway the behaviour
> has changed.
>
> However, there seems not to be httpd_sys_exec_t (trying above gives
> "Invalid argument").  If I try httpd_sys_script_exec_t it does not work
> either.
>
> Biggest problem I just found out is that I can not send mail any more from
> SquirrelMail (standard FC5 package):
>
>
> type=AVC msg=audit(1149674474.840:81196): avc:  denied  { execute } for
> pid=20207 comm="httpd" name="bash" dev=dm-0 ino=3440979
> scontext=user_u:system_r:httpd_t:s0 
> tcontext=system_u:object_r:shell_exec_t:s0
> tclass=file
>
setsebool httpd_ssi_exec=1

should turn this on
>
> -Jouni
>
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
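
Added example, not part of the original thread: a small Python parser for the AVC denial records quoted above, which reduces each record to the (source type, target type, class, permission) tuple an administrator reads before choosing between a boolean and a relabel. The function names `parse_avc` and `summarize` are hypothetical; the sample input is the two denials from this thread with their mail quoting and line wraps left in.

```python
import re
from collections import Counter

# The two denials from the thread above, mail quoting and line wraps included.
SAMPLE = """\
>>>>> type=AVC msg=audit(1148808793.986:30189): avc:  denied  { execute
>>>>> } for
>>>>> pid=18644 comm="httpd" name="bash" dev=dm-0 ino=3440979
>>>>> scontext=user_u:system_r:httpd_t:s0
>>>>> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
> type=AVC msg=audit(1149674474.840:81196): avc:  denied  { execute } for
> pid=20207 comm="httpd" name="bash" dev=dm-0 ino=3440979
> scontext=user_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:shell_exec_t:s0
> tclass=file
"""

AVC_RE = re.compile(r"msg=audit\((?P<time>[\d.]+):(?P<serial>\d+)\): "
                    r"avc: denied \{ (?P<perms>[^}]*)\} for (?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(text):
    """Return one dict per AVC denial found in text."""
    text = re.sub(r"(?m)^[>\s]+", "", text)          # drop mail quote markers
    records = []
    for chunk in re.split(r"(?=type=AVC )", text):   # one chunk per record
        m = AVC_RE.search(" ".join(chunk.split()))   # undo wraps, collapse spaces
        if m:
            rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m["rest"])}
            rec.update(serial=int(m["serial"]), perms=m["perms"].split())
            records.append(rec)
    return records


def summarize(records):
    """Count denials by (source type, target type, class, permission)."""
    counts = Counter()
    for r in records:
        # A context is user:role:type:level; the type is what policy rules use.
        src, tgt = (r[k].split(":")[2] for k in ("scontext", "tcontext"))
        for perm in r["perms"]:
            counts[(src, tgt, r["tclass"], perm)] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perm), n in summarize(parse_avc(SAMPLE)).items():
        print(f"{n}x {src} denied {perm} on {tgt}:{cls}")
```

Both records reduce to the same tuple, `httpd_t` denied `execute` on `shell_exec_t:file`, which is the access the `setsebool httpd_ssi_exec=1` suggestion in the reply is aimed at.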



