[CentOS] SELinux blocking cgi script from "writing to socket (httpd_t)"

夜神 岩男 supergiantpotato at yahoo.co.jp
Wed Jan 11 19:50:10 UTC 2012


On 01/12/2012 03:48 AM, Daniel J Walsh wrote:

> In Fedora we currently dontaudit this leak.
>
> audit2allow -i /tmp/t
>
>
> #============= httpd_sys_script_t ==============
> #!!!! This avc has a dontaudit rule in the current policy
>
> allow httpd_sys_script_t httpd_t:udp_socket { read write };

Pow. Reasonable answer, and it isn't so hard to run that command -- its 
just difficult to understand why its necessary if you don't know 
anything about the environment, and mystifying if you know the command 
but nothing about what's going on.



More information about the CentOS mailing list