Description of problem: The SELinux Apache FAQ gives a nice example of how to run CGIs as different users on virtual hosts using suEXEC. Unfortunately, this seems to cause problems with SELinux (I think with the logging?). If I remove the SuexecUserGroup directive from the virtual hosts, my CGI sample script works great. Put it back, and I get this: blingbling kernel: audit(1108712168.806:0): avc: denied { write } for pid=5276 exe=/usr/sbin/suexec name=httpd dev=md0 ino=3260434 scontext=root:system_r:httpd_suexec_t tcontext=system_u:object_r:httpd_log_t tclass=dir [provide details, patches, etc.] Document version: selinux-apache-0.5-1 (2004-10-19-T21:24-0500)
Just a question from your friendly bugmaster -- is this bug still relevant or should it be closed as obsolete?
I doubt it, but I'm not in a position to test, unfortunately.
While I'm not fully positive the methodology in SELinux is different, I'm fairly certain it is by now. The document referenced and version it came from are no longer maintained, it is effectively end-of-life.
OK, let's close it. If anybody objects, they can reopen it.