Description of problem:
suexec cgi scripts cannot access the home directory, regardless of httpd_enable_homedirs.

Version-Release number of selected component (if applicable):
1.17.30-2.58

The following clause should probably go into the apache_macros.te file:

    if (httpd_enable_homedirs) {
        allow httpd_suexec_t user_home_dir_t:dir { getattr search };
    }

Added in selinux-policy-targeted-1.17.30-2.65.src.rpm
As of version selinux-policy-targeted-sources-1.17.30-2.90 the user_home_dir_t part is still not included in the apache_macros.te file. The script_rw_t / script_ro_t tags don't seem to include enough. FWIW, the suexec-invoked program in question is a Perl script named index.cgi, using lots of r/w state right in the public_html directory. This directory is entirely tagged with httpd_user_content_t.