Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: Running httpd scripts from nfs mounts?: msg#00201
|
Subject: |
Re: Running httpd scripts from nfs mounts? |
On Tue, 2005-01-25 at 21:34 -0500, John W. Lockhart wrote:
> I'm trying to run scripts via httpd from a trusted nfs server,
> but selinux is preventing me:
>
> kernel: audit(1106703013.728:0): avc: denied { execute } for pid=28425
> exe=/usr/sbin/httpd name=sanity_server.pl dev=0:12 ino=32407792
> scontext=root:system_r:httpd_t tcontext=system_u:object_r:nfs_t
> tclass=file
Yeah; we have a few booleans for NFS home dirs and the like, but it's
difficult to support arbitrarily placement of nfs_t in policy.
> So I umounted the nfs volume, and added the following to the
> mount options in /etc/fstab:
> context=system_u:object_r:httpd_sys_content_t
This is the best approach, IMO.
> I mounted the volume again, and re-tried. That failed with:
>
> kernel: audit(1106705663.904:0): avc: denied { execute_no_trans } for
> pid=28573 exe=/usr/sbin/httpd
> path=/mnt/myserver/testing-scripts/sanity_server.pl dev=0:12 ino=3
> 2407792 scontext=root:system_r:httpd_t
> tcontext=system_u:object_r:httpd_sys_content_t tclass=file
Weird. What's the output of "getsebool httpd_unified"?
|
| |
