Hide Forgot
Description of problem: Queuegraph doesn't have SELinux contexts set correctly, and therefore when SELinux is active, queuegraph won't work through apache. Version-Release number of selected component (if applicable): queuegraph-1.1-6.el6.noarch queuegraph-selinux-1.1-6.el6.noarch How reproducible: Steps to Reproduce: 1. yum install queuegraph queuegraph-selinux 2. restart httpd 3. Surf to http://host/queuegraph Actual results: 500 Internal Server Error Expected results: The normal queuegraph pages Additional info: This was already reported in https://bugzilla.redhat.com/show_bug.cgi?id=731600 but reading the EPEL wiki I noticed that I should report it under product Fedora-EPEL hence this new bug. Please excuse the double entry. Also see bz566513 for a similar problem with mailgraph (also on EL6) Here is the error in /var/log/httpd/error_log: [Thu Aug 18 02:09:04 2011] [error] [client 10.0.0.135] (13)Permission denied: exec of '/usr/share/queuegraph/queuegraph.cgi' failed [Thu Aug 18 02:09:04 2011] [error] [client 10.0.0.135] Premature end of script headers: queuegraph.cgi Here is the error in /var/log/audit/audit.log: type=AVC msg=audit(1313626144.344:719): avc: denied { execute } for pid=3908 comm="httpd" name="queuegraph.cgi" dev=sda2 ino=43519713 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file type=SYSCALL msg=audit(1313626144.344:719): arch=c000003e syscall=59 success=no exit=-13 a0=7f994b151168 a1=7f994b14cec8 a2=7f994b14cee0 a3=7fffa58254a0 items=0 ppid=2974 pid=3908 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=11 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null) I noticed the fix in bz243302 and I tried them on queuegraph: $ sudo chcon -t httpd_sys_script_exec_t /usr/share/queuegraph/queuegraph.cgi $ sudo chcon -R -t httpd_sys_script_ra_t /var/cache/queuegraph $ sudo chcon -R -t httpd_sys_script_ra_t /var/lib/queuegraph Now queuegraph shows (empty) graphs. It did not work for mailgraph on EL6 (see bz566513) but that is maybe because this is a fresh install and postfix has not been configured yet. Please let me know if you need more information or would like me to test a new policy.
This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is our policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version. Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above.
This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version. Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version, you are encouraged to change the 'version' to a later version prior this bug is closed as described in the policy above.
EPEL el6 changed to end-of-life (EOL) status on 2020-11-30. EPEL el6 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of EPEL please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.