[CentOS] selinux denial of cgi script with httpd using ssl

Mon Sep 4 17:07:04 UTC 2017
Gregory P. Ennis <PoMec at PoMec.Net>


I am trying to use a cgi perl script for a CentOs 7 website that works
fine with selinux in permissive mode but fails with selinux in enforcing

The problem I have is that I can not find where the selinux error
message is being recorded.

It does not appear to be in the /var/log/messages
or /var/log/audit/audit.log.  I do not get
any /var/log/httpd/ssl_error_log entries. I do get a successful entry
into /var/log/httpd/ssl_access_log and ssl_request_log when selinux is
in permissive mode, but not when selinux is in enforcing mode.

The only place I can see that I am getting an error message is in the
/var/log/httpd/error_log which is as follows :

Mon Sep 04 11:40:24.216569 2017] [cgi:error] [pid 2290] [client
x.x.x.x:55748] AH01215: (13)Permission denied: exec of
'/var/www/cgi-bin/name.of.script.cgi' failed, referer:

When selinux is in permissive mode the above error does not occur and
the script works fine.  When selinux is in enforcing mode the above
error occurs, and the cgi script fails to execute.

Is there a way to increase the sensitivity of selinux loging, or is
there a different place to look for the error that prevents the
execution of the script.

Your help would be appreciated.


Greg Ennis