fedora-selinux April 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: execstack and execmem

Re: execstack and execmem

From: Dominick Grift <domg472_at_nospam>
Date: Fri Apr 09 2010 - 11:55:54 GMT
To: selinux@lists.fedoraproject.org

On Fri, Apr 09, 2010 at 08:36:39PM +0900, Shintaro Fujiwara wrote:
> Hi, I'm recently working on F12 web server and I got httpd_t execstack
> and execmem.
> Can I allow those ?
> The server I'm woking on right now is a test server which have copied
> all the contents from FC6 which I have move on permissive mode for
> half a year.
> I have not read a log at all on FC6 server.
> I'm trying to move all the contents that I have now on F12.
> I already succeeded another web server which has no script stuff so
> the problem may caused by the script which I have written for certain
> web-pages.
>
> The server I'm working I can't touch couple of days, but some script I
> wrote wants to do that, I guess.
> The script has a type httpd_sys_content_t still, so that may be a problem.
> Yes, it's in the documentroot of Apache.
>
> Maybe I should put the script outside of documentroot or label other
> than httpd stuff with local.pp.
>
> I could not have time to read that thouroughly, but I can report on Monday.
>
> I will report this matter till I get the right answer and I run the
> server right.

Could you enclose avc denials of the particular events please? You may have mislabelled files, as you suggested yourself.

>
> Thanks in advance.
> -------------------------------------------
> segatex--SELinux tool
>
> http://sourceforge.net/projects/segatex/
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux