
List:       fedora-selinux-list
Subject:    Python httpd permission denied
From:       Mark Knoop <mark () opus11 ! net>
Date:       2007-12-14 15:07:35
Message-ID: 47629C37.4070807 () opus11 ! net

I am running a python script as Apache CGI in 
~/www/sitename/python/index.py. All was working fine in F7 and F8 until 
selinux-policy-3.0.8-58 arrived in updates. I've only now had time to 
look at this and am not sure what the problem might be.

Apache error log reads:
[error] [client 127.0.0.1] python: can't open file 
'/home/user/www/sitename/python/index.py': [Errno 13] Permission denied

/var/log/messages:
setroubleshoot: #012    SELinux is preventing the python from using 
potentially mislabeled files <Unknown> (user_home_dir_t).#012     For 
complete SELinux messages. run sealert -l 
3506ffc2-aeb9-493c-b2f1-f579479c7ed5

The script is labelled user_u:object_r:httpd_sys_content_t, I've also 
tried httpd_sys_script_exec_t but get the same error.

Labelling as httpd_unconfined_script_exec_t DOES work, as do other 
(non-CGI) pages. There don't seem to be any changes in the changelogs 
for -57 and -58 which would affect this... any ideas?

* Fri Nov 16 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-58
- Allow nmbd to list inotifyfs_t
- Dontaudit consolekit access to user homedir
- dontaudit nscd getserv and shmemserv
- Allow rsync_t dac overrides
- Allow xfs_t to listen to sockets

* Fri Nov 16 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-57
- Allow lvm to search mnt
- Add booleans for xguest account
       xguest_mount_media
       xguest_connect_network
       xguest_use_bluetooth


-- 
Mark Knoop

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
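The denial quoted in the message names `user_home_dir_t`, while the script itself is labelled `httpd_sys_content_t`, so a useful check is to list the SELinux context of every directory on the path to the script and see which component carries the reported type. The following is an added example, not part of the original message; the function names are hypothetical and the labels in `SAMPLE` are constructed for illustration.

```python
import os
import sys
from pathlib import PurePosixPath

def read_selinux_label(path):
    """Read the context from the security.selinux xattr; None if unavailable."""
    try:
        raw = os.getxattr(path, "security.selinux")
    except OSError:
        return None
    return raw.rstrip(b"\x00").decode()

def label_chain(path, get_label=read_selinux_label):
    """Return [(component, context)] for every component from / down to path."""
    p = PurePosixPath(path)
    parts = list(p.parents)[::-1] + [p]
    return [(str(c), get_label(str(c))) for c in parts]

def context_type(context):
    """Extract the type field from user:role:type[:level]."""
    fields = context.split(":") if context else []
    return fields[2] if len(fields) >= 3 else None

def components_with_type(chain, wanted_type):
    """Path components whose context has the given type."""
    return [c for c, ctx in chain if context_type(ctx) == wanted_type]

# Constructed sample: the path comes from the error log in the message,
# the labels on the parent directories are assumptions for the demo.
SCRIPT = "/home/user/www/sitename/python/index.py"
WEB = "user_u:object_r:httpd_sys_content_t"
SAMPLE = {
    "/": "system_u:object_r:root_t",
    "/home": "system_u:object_r:home_root_t",
    "/home/user": "user_u:object_r:user_home_dir_t",
    "/home/user/www": WEB,
    "/home/user/www/sitename": WEB,
    "/home/user/www/sitename/python": WEB,
    SCRIPT: WEB,
}

if __name__ == "__main__":
    # With an argument, read real labels from disk; without, use the sample.
    if len(sys.argv) > 1:
        chain = label_chain(sys.argv[1])
    else:
        chain = label_chain(SCRIPT, SAMPLE.get)
    for component, ctx in chain:
        print(f"{ctx or '<no label>':45} {component}")
    print("user_home_dir_t on:", components_with_type(chain, "user_home_dir_t"))
```

Run against a real path on an SELinux host, it prints one line per path component, which makes it easy to compare against the type named in the setroubleshoot message.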