I have a php script that generates an selinux avc denial when it tries to exec a bash script.
Here is the alert:
So, when I do as it suggests, I get:
.. and no policy is created.
Can someone tell me why this is happening?
Can I generate a policy from the raw audit message instead?
Is there another way to allow httpd to call bash scripts?
I have httpd_unified and httpd_enable_cgi both set to 'on'.
Here is the alert:
Code:
SELinux is preventing /usr/bin/bash from execute access on the file /opt/cps/rcm/upsample.
...
You can generate a local policy module to dontaudit this access.
Do
# grep /usr/bin/bash /var/log/audit/audit.log | audit2allow -D -M mypol
# semodule -i mypol.pp
...Code:
[root@psy58 ~]# grep /usr/bin/bash /var/log/audit/audit.log | audit2allow -D -M mypol
Nothing to doCan someone tell me why this is happening?
Can I generate a policy from the raw audit message instead?
Is there another way to allow httpd to call bash scripts?
I have httpd_unified and httpd_enable_cgi both set to 'on'.