Which permission to execute a script?

Daniel J Walsh dwalsh at redhat.com
Mon Nov 17 15:34:58 UTC 2008


Bruno Wolff III wrote:
> On Mon, Nov 17, 2008 at 09:33:50 -0500,
>   Daniel J Walsh <dwalsh at redhat.com> wrote:
>> Bruno Wolff III wrote:
>>> I was making a modified version of the guest policy that needed to be able
>>> to edit and run some perl scripts that also are visible to the web server.
>>> I used the manage_files macro and allowed execute, but I can't run the
>>> script directly. But I can run it via perl.
>>>
>>> For example:
>>>
>>> [tomarndt at wolff area]$ ./newcheck.pl
>>> -bash: ./newcheck.pl: /usr/bin/perl: bad interpreter: Permission denied
>>  getsebool -a  | grep xgues
>> allow_xguest_exec_content --> off
>>
>> xguest is not allowed by default to execute anything in its home dir.
>> Turning on this boolean should allow it.
> 
> I tried this and it didn't work. I think there is something else going on
> though, as I got a different error before I added:
> allow tom_t httpd_sys_script_exec_t:file execute;
> I think that running a shell script needs something else, but I don't know
> what.
> 
Yes, you are right.  I did not read your message fully.

You are trying to execute an Apache script, httpd_sys_script_exec_t,
which is not allowed without the rule you added.

If you change the label to httpd_user_script_exec_t it should be able to
execute.



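Added example, not part of either poster's message and not Fedora's own tooling: one way to see which permission is still missing is to read the AVC denials and group the denied permissions into the allow rule they imply, which is what audit2allow does. The audit records below are constructed; only the types tom_t and httpd_sys_script_exec_t come from the thread, and the thread does not show which denials the poster's system actually logged.

```python
import re
from collections import defaultdict

# Constructed audit records (pids, inodes, timestamps and users are made up).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1226935000.101:410): avc:  denied  { execute } for  pid=3101 comm="bash" name="newcheck.pl" dev=dm-0 ino=98311 scontext=user_u:user_r:tom_t:s0 tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1226935000.101:410): arch=40000003 syscall=11 success=no exit=-13 comm="bash" exe="/bin/bash"
type=AVC msg=audit(1226935020.417:415): avc:  denied  { execute_no_trans } for  pid=3107 comm="bash" name="newcheck.pl" dev=dm-0 ino=98311 scontext=user_u:user_r:tom_t:s0 tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def parse_denial(line):
    """Return (source_type, target_type, class, [perms]) or None if not a denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    return (selinux_type(m["scon"]), selinux_type(m["tcon"]),
            m["tclass"], m["perms"].split())

def missing_rules(log_text):
    """Merge all denials per (source, target, class) into one allow rule each."""
    wanted = defaultdict(set)
    for line in log_text.splitlines():
        denial = parse_denial(line)
        if denial:
            src, tgt, cls, perms = denial
            wanted[(src, tgt, cls)].update(perms)
    rules = []
    for (src, tgt, cls), perms in sorted(wanted.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return rules

if __name__ == "__main__":
    for rule in missing_rules(SAMPLE_AUDIT_LOG):
        print(rule)
```

The constructed sample includes execute_no_trans because SELinux requires it, in addition to execute, when a file is run in the caller's own domain rather than through a domain transition.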



