[CentOS] running CGI scripts with SELinux=ENFORCING with priviledged commands ...

Sun Aug 21 10:01:34 UTC 2016
Walter H. <Walter.H at mathemainzel.info>

On 20.08.2016 23:59, Jonathan Billings wrote:
>> On Aug 20, 2016, at 15:00, Walter H.<Walter.H at mathemainzel.info>  wrote:
>> Hello,
>> how could it be achieved to run
>> e.g.
>> shutdown -h now
>> from a CGI script on a system where SELinux is set to ENFORCING?
> Short answer: don't.   You could probably create a custom selinux policy that allowed it but you'd be opening your system up to more security issues.
> If it were me, I'd have the cgi drop a file in a known location, and have an external process (possibly started through cron) monitor the file, then run shutdown conditionally.
I thought of such a mechanism; I also want to show some states which 
also need priviledged rights
e.g.  arp,  iptables -L -n -v, ...
but these are many write access to the disk, shutdown/restart just 
generate one write access by the CGI script
and the cron job deletes this generated file and does the shutdown or 

where is the "best" directory I could do this "communication"?
e.g. /var/lib/box?