Bug 149047 - SELinux Apache tutorial - describe the bug
SELinux Apache tutorial - describe the bug
Product: Fedora Documentation
Classification: Fedora
Component: selinux-apache (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Colin Walters
Tammy Fox
: Documentation, SELinux
Depends On:
  Show dependency treegraph
Reported: 2005-02-18 02:41 EST by Ben
Modified: 2008-09-08 08:23 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-09-08 08:23:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ben 2005-02-18 02:41:56 EST
Description of problem:

The SELinux Apache FAQ gives a nice example of how to run CGIs as
different users on virtual hosts using suEXEC. Unfortunately, this
seems to cause problems with SELinux (I think with the logging?). If I
remove the SuexecUserGroup directive from the virtual hosts, my CGI
sample script works great. Put it back, and I get this:

blingbling kernel: audit(1108712168.806:0): avc:  denied  { write }
for  pid=5276 exe=/usr/sbin/suexec name=httpd dev=md0 ino=3260434
tcontext=system_u:object_r:httpd_log_t tclass=dir

[provide details, patches, etc.]

Document version:

selinux-apache-0.5-1 (2004-10-19-T21:24-0500)
Comment 1 Matěj Cepl 2008-09-05 15:34:00 EDT
Just a question from your friendly bugmaster -- is this bug still relevant or should it be closed as obsolete?
Comment 2 Ben 2008-09-05 21:07:25 EDT
I doubt it, but I'm not in a position to test, unfortunately.
Comment 3 Karsten Wade 2008-09-06 10:27:07 EDT
While I'm not fully positive the methodology in SELinux is different, I'm fairly certain it is by now.

The document referenced and version it came from are no longer maintained, it is effectively end-of-life.
Comment 4 Matěj Cepl 2008-09-08 08:23:50 EDT
OK, let's close it. If anybody objects, they can reopen it.

Note You need to log in before you can comment on or make changes to this bug.