RE: [users@httpd] Error executing script through Apache

Fri, 16 Oct 2015 07:38:25 -0700 

Hello All

Pete - You were right!

When I try to execute I get this in the audit log.

type=AVC msg=audit(1445006093.179:15955): avc:  denied  { write } for  
pid=22733 comm="udt" name="apphome" dev=dm-0 ino=23199745 
scontext=unconfined_u:system_r:httpd_sys_script_t:s0 
tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1445006093.179:15955): arch=40000003 syscall=5 
per=400000 success=no exit=-13 a0=ffeb8bcc a1=242 a2=1b6 a3=7 items=0 
ppid=22731 pid=22733 auid=0 uid=800 gid=100 euid=800 suid=800 fsuid=800 
egid=100 sgid=100 fsgid=100 tty=(none) ses=1242 comm="udt" 
exe="/usr/ud73/bin/udt" subj=unconfined_u:system_r:httpd_sys_script_t:s0 
key=(null)
type=AVC msg=audit(1445006093.179:15956): avc:  denied  { append } for  
pid=22733 comm="udt" name="udt.errlog" dev=dm-0 ino=64490264 
scontext=unconfined_u:system_r:httpd_sys_script_t:s0 
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1445006093.179:15956): arch=40000003 syscall=5 
per=400000 success=no exit=-13 a0=ffeb66ac a1=441 a2=1b6 a3=83d46a9 items=0 
ppid=22731 pid=22733 auid=0 uid=800 gid=100 euid=800 suid=800 fsuid=800 
egid=100 sgid=100 fsgid=100 tty=(none) ses=1242 comm="udt" 
exe="/usr/ud73/bin/udt" subj=unconfined_u:system_r:httpd_sys_script_t:s0 
key=(null)
type=AVC msg=audit(1445006093.179:15957): avc:  denied  { associate } for  
pid=22733 comm="udt" key=1157629479  
scontext=unconfined_u:system_r:httpd_sys_script_t:s0 
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
type=SYSCALL msg=audit(1445006093.179:15957): arch=40000003 syscall=117 
per=400000 success=no exit=-13 a0=17 a1=45000627 a2=0 a3=0 items=0 ppid=22731 
pid=22733 auid=0 uid=800 gid=100 euid=800 suid=800 fsuid=800 egid=100 sgid=100 
fsgid=100 tty=(none) ses=1242 comm="udt" exe="/usr/ud73/bin/udt" 
subj=unconfined_u:system_r:httpd_sys_script_t:s0 key=(null)


Please forgive my ignorance, but what can I do now to resolve this?

Thank you,
David C. Johnson

David C.Johnson 
Schoolcraft College
Administrative Systems
Senior Systems Administrator
A-180
1(734)462-4716
[email protected]

-----Original Message-----
From: Pete Houston [mailto:[email protected]] 
Sent: Friday, October 16, 2015 10:27 AM
To: [email protected]
Subject: Re: [users@httpd] Error executing script through Apache

On Fri, Oct 16, 2015 at 02:21:45PM +0000, David Johnson wrote:
> What would be different about being logged in as www at the command line and 
> calling a script vs. running Apache as www and calling it through the 
> intranet?

The SELinux context will be different. Check the audit log to see if it's being 
denied.

Pete
--
Openstrike - improving business through open source 
http://www.openstrike.co.uk/ or call 01722 770036

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to