apache selinx problem
Bill Tangren
bjt at aa.usno.navy.mil
Mon Nov 13 14:51:34 UTC 2006
Jay Berryman wrote:
> Can you send a copy of the script? SELinux may be killing your script based
> on what it is doing.
>
Where do I find this script? I've been hunting around in subdirectories of
/etc/selinux, but not finding any likely suspects.
> Jay Berryman, RHCT, RHCE
> Systems Engineer
> Phone: (402)-963-6347
> E-Mail: Jay.Berryman at sitel.com
>
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient, or the
> authorized agent of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify SITEL immediately by
> telephone at 402.963.6001 and delete the message and any attachments from
> your system. Thank you for your cooperation.
>
>
>
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com]
> On Behalf Of Bill Tangren
> Sent: Thursday, November 09, 2006 11:53 AM
> To: General Red Hat Linux discussion list
> Subject: Re: apache selinx problem
>
> Jay Berryman wrote:
>> I just went through everything and noticed something I missed. Try
> changing
>> the security context of your perl script to the following:
>>
>> user_u:object_r:httpd_sys_script_exec_t
>>
>> Let me know if that fixes it or not.
>
> It does not. This is very frustrating. I am contemplating turning off
> SELinux
> monitoring of the apache server.
>
>> Jay Berryman, RHCT, RHCE
>> Systems Engineer
>> Phone: (402)-963-6347
>> E-Mail: Jay.Berryman at sitel.com
>>
>>
>> This message and any attachments are intended only for the use of the
>> addressee and may contain information that is privileged and confidential.
>> If the reader of the message is not the intended recipient, or the
>> authorized agent of the intended recipient, you are hereby notified that
> any
>> dissemination of this communication is strictly prohibited. If you have
>> received this communication in error, please notify SITEL immediately by
>> telephone at 402.963.6001 and delete the message and any attachments from
>> your system. Thank you for your cooperation.
>>
>>
>>
>>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]
>> On Behalf Of Bill Tangren
>> Sent: Tuesday, November 07, 2006 9:33 AM
>> To: General Red Hat Linux discussion list
>> Subject: Re: apache selinx problem
>>
>> Jay Berryman wrote:
>>> I don't think it's available in RHEL4. Can you send the output of
>> getsebool
>>> -a | grep httpd? It might be that httpd_suexec_disable_trans needs to be
>>> set to off.
>> [root at doggett local]# getsebool -a|grep httpd
>> httpd_builtin_scripting --> active
>> httpd_disable_trans --> inactive
>> httpd_enable_cgi --> active
>> httpd_enable_homedirs --> active
>> httpd_ssi_exec --> active
>> httpd_tty_comm --> inactive
>> httpd_unified --> active
>> [root at doggett local]#
>>
>>
>
More information about the redhat-list
mailing list