apache selinx problem

Bill Tangren bjt at aa.usno.navy.mil
Mon Nov 13 14:51:34 UTC 2006 

Jay Berryman wrote:
> Can you send a copy of the script?  SELinux may be killing your script based
> on what it is doing.
> 

Where do I find this script? I've been hunting around in subdirectories of 
/etc/selinux, but not finding any likely suspects.


> Jay Berryman, RHCT, RHCE
> Systems Engineer
> Phone:  (402)-963-6347
> E-Mail:  Jay.Berryman at sitel.com
>  
> 
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient, or the
> authorized agent of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify SITEL immediately by
> telephone at 402.963.6001 and delete the message and any attachments from
> your system. Thank you for your cooperation.
> 
>  
>  
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com]
> On Behalf Of Bill Tangren
> Sent: Thursday, November 09, 2006 11:53 AM
> To: General Red Hat Linux discussion list
> Subject: Re: apache selinx problem
> 
> Jay Berryman wrote:
>> I just went through everything and noticed something I missed.  Try
> changing
>> the security context of your perl script to the following:  
>>
>> user_u:object_r:httpd_sys_script_exec_t
>>
>> Let me know if that fixes it or not.
> 
> It does not. This is very frustrating. I am contemplating turning off
> SELinux 
> monitoring of the apache server.
> 
>> Jay Berryman, RHCT, RHCE
>> Systems Engineer
>> Phone:  (402)-963-6347
>> E-Mail:  Jay.Berryman at sitel.com
>>  
>>
>> This message and any attachments are intended only for the use of the
>> addressee and may contain information that is privileged and confidential.
>> If the reader of the message is not the intended recipient, or the
>> authorized agent of the intended recipient, you are hereby notified that
> any
>> dissemination of this communication is strictly prohibited. If you have
>> received this communication in error, please notify SITEL immediately by
>> telephone at 402.963.6001 and delete the message and any attachments from
>> your system. Thank you for your cooperation.
>>
>>  
>>  
>>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]
>> On Behalf Of Bill Tangren
>> Sent: Tuesday, November 07, 2006 9:33 AM
>> To: General Red Hat Linux discussion list
>> Subject: Re: apache selinx problem
>>
>> Jay Berryman wrote:
>>> I don't think it's available in RHEL4.  Can you send the output of
>> getsebool
>>> -a | grep httpd?  It might be that httpd_suexec_disable_trans needs to be
>>> set to off.
>> [root at doggett local]# getsebool -a|grep httpd
>> httpd_builtin_scripting --> active
>> httpd_disable_trans --> inactive
>> httpd_enable_cgi --> active
>> httpd_enable_homedirs --> active
>> httpd_ssi_exec --> active
>> httpd_tty_comm --> inactive
>> httpd_unified --> active
>> [root at doggett local]#
>>
>>
>

More information about the redhat-list mailing list