Bug 149047
| Summary: | SELinux Apache tutorial - describe the bug | ||
|---|---|---|---|
| Product: | [Retired] Fedora Documentation | Reporter: | Ben <bench> |
| Component: | selinux-apache | Assignee: | Colin Walters <walters> |
| Status: | CLOSED CANTFIX | QA Contact: | Tammy Fox <tammy.c.fox> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | devel | CC: | dwalsh, kwade, mcepl, mcepl |
| Target Milestone: | --- | Keywords: | Documentation, SELinux |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://fedora.redhat.com/docs/selinux-apache/ | ||
| Whiteboard: | checkRelevance | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-09-08 12:23:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Just a question from your friendly bugmaster -- is this bug still relevant or should it be closed as obsolete? I doubt it, but I'm not in a position to test, unfortunately. While I'm not fully positive the methodology in SELinux is different, I'm fairly certain it is by now. The document referenced and version it came from are no longer maintained, it is effectively end-of-life. OK, let's close it. If anybody objects, they can reopen it. |
Description of problem: The SELinux Apache FAQ gives a nice example of how to run CGIs as different users on virtual hosts using suEXEC. Unfortunately, this seems to cause problems with SELinux (I think with the logging?). If I remove the SuexecUserGroup directive from the virtual hosts, my CGI sample script works great. Put it back, and I get this: blingbling kernel: audit(1108712168.806:0): avc: denied { write } for pid=5276 exe=/usr/sbin/suexec name=httpd dev=md0 ino=3260434 scontext=root:system_r:httpd_suexec_t tcontext=system_u:object_r:httpd_log_t tclass=dir [provide details, patches, etc.] Document version: selinux-apache-0.5-1 (2004-10-19-T21:24-0500)