Bug 666103
Summary: | SELinux is preventing /var/www/cgi-bin/cachemgr.cgi from 'getattr' accesses on the file /etc/squid/cachemgr.conf. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Nivag <gavinflower> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 14 | CC: | dwalsh, gavinflower, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:04be3ec727773b66ec642172df2359757273d5cea81ba1f7227b3ae1826a3ad3 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-12-30 14:00:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Nivag
2010-12-29 01:51:03 UTC
*** Bug 666104 has been marked as a duplicate of this bug. *** /usr/lib/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0) /usr/lib64/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0) In their usual location they are labeled httpd_squid_script_exec_t, why are these scripts located in a different directory. You can fix the labeling with the following commands. # semanage fcontext -a -t httpd_squid_script_exec_t /var/www/cgi-bin/cachemgr.cgi # restorecon -v /var/www/cgi-bin/cachemgr.cgi If you believe this should be the default or some package installs them there, please comment in this bug. *** Bug 665681 has been marked as a duplicate of this bug. *** (In reply to comment #2) /usr/lib/squid/cachemgr\.cgi -- [...] I have not changed the directory for these scripts, they are as the package manager placed them, so the SELinux stuff should have been set correctly by default. So I think it is a valid bug. # semanage fcontext -a -t httpd_squid_script_exec_t /usr/sbin/semanage: bad option # The suggested fix fails. You need to use whole suggested command # semanage fcontext -a -t httpd_squid_script_exec_t /var/www/cgi-bin/cachemgr.cgi Sorry, I had not picked up that the second line was actually a continuation of the first... Obvious in hindsight! |