Bob
Hello dear Linux folks,
I have a problem (permission) to run a CGI
(bash) script from within my Apache server as SElinux avoids it from running
with an error message in /var/log/message (see below), if I disable SElinux then
there is no problem and the script will run, when SElinux is enabled I see this
error in /var/log/messages:Sep 6 16:05:45 TEST kernel:
audit(1315314345.180:2669): avc: denied { create } for pid=8699 comm="ping"
scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=rawip_socketSep 6 16:05:45
TEST kernel: audit(1315314345.181:2670): avc: denied { setuid } for pid=8699
comm="ping" capability=7 scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=capabilityFor
security reasons I would like SElinux to be enabled of course and still be able
to run my script from Apache, I know there is such an option.My
script is located at /var/www/cgi-bin and it does use the ping
command.here is the output of uname -a "Linux TEST 2.6.9-42.EL #1 Tue
Aug 15 09:30:48 BST 2006 x86_64 x86_64 x86_64 GNU/Linux"and this is my
CentOS version "CentOS release 4.4 (Final)"Your help is
appreciated
Shay

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic