[CentOS] SELinux blocking cgi script from "writing to socket (httpd_t)"

Wed Jan 11 19:50:10 UTC 2012
夜神 岩男 <supergiantpotato at yahoo.co.jp>

On 01/12/2012 03:48 AM, Daniel J Walsh wrote:

> In Fedora we currently dontaudit this leak.
>
> audit2allow -i /tmp/t
>
>
> #============= httpd_sys_script_t ==============
> #!!!! This avc has a dontaudit rule in the current policy
>
> allow httpd_sys_script_t httpd_t:udp_socket { read write };

Pow. Reasonable answer, and it isn't so hard to run that command -- its 
just difficult to understand why its necessary if you don't know 
anything about the environment, and mystifying if you know the command 
but nothing about what's going on.