Re: [CentOS] selinux denial of cgi script with httpd using ssl

2017-09-04 Thread Gregory P. Ennis
On Tue, Sep 5, 2017 at 9:49 AM, Gregory P. Ennis wrote: > Thanks for your help. > > I did pick up an additional entry in the audit file : > > > type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for > pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0" > ino=537182029

Re: [CentOS] selinux denial of cgi script with httpd using ssl

2017-09-04 Thread James Hogarth
On 4 September 2017 at 23:12, Alexander Dalloz wrote: > Am 04.09.2017 um 23:49 schrieb Gregory P. Ennis: > >> Thanks for your help. >> >> I did pick up an additional entry in the audit file : >> >> >> type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for >> pid=19163 comm="/usr/

Re: [CentOS] selinux denial of cgi script with httpd using ssl

2017-09-04 Thread James Hogarth
On 4 September 2017 at 22:49, Gregory P. Ennis wrote: > Thanks for your help. > > I did pick up an additional entry in the audit file : > > > type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for > pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0" > ino=537182029 sc

Re: [CentOS] selinux denial of cgi script with httpd using ssl

2017-09-04 Thread Alexander Dalloz
Am 04.09.2017 um 23:49 schrieb Gregory P. Ennis: Thanks for your help. I did pick up an additional entry in the audit file : type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0" ino=537182029 scontext=system_u:sy

Re: [CentOS] selinux denial of cgi script with httpd using ssl

2017-09-04 Thread Clint Dilks
On Tue, Sep 5, 2017 at 9:49 AM, Gregory P. Ennis wrote: > Thanks for your help. > > I did pick up an additional entry in the audit file : > > > type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for > pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0" > ino=537182029

Re: [CentOS] selinux denial of cgi script with httpd using ssl

2017-09-04 Thread Gregory P. Ennis
u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file Unfortunately, I am not sure how the above tells me what is wrong. Greg -Original Message-From: Clint Dilks Reply-to: CentOS mailing list To: CentOS mailing list Subject: Re: [CentOS] selinux denial of cgi script with ht

Re: [CentOS] selinux denial of cgi script with httpd using ssl

2017-09-04 Thread Clint Dilks
HI, Try disabling Don't Audit rules semodule -DB Then check /var/log/audit.log To re-enable semodule -B On Tue, Sep 5, 2017 at 5:07 AM, Gregory P. Ennis wrote: > Everyone, > > I am trying to use a cgi perl script for a CentOs 7 website that works > fine with selinux in permissive mode

[CentOS] selinux denial of cgi script with httpd using ssl

2017-09-04 Thread Gregory P. Ennis
Everyone, I am trying to use a cgi perl script for a CentOs 7 website that works fine with selinux in permissive mode but fails with selinux in enforcing mode. The problem I have is that I can not find where the selinux error message is being recorded. It does not appear to be in the /var/log/me