Apache, SELinux and CGI scripts
Tonight I upgraded to Fedora 10, which was relatively less painful
than such upgrades have been in the past. One big problem, though,
was getting Blosxom working. Try as I might, I kept on getting errors
in /var/log/httpd/error_log
stating Permission denied: exec of '/var/www/blosxom/bin/blog' failed
.
After lots of playing around, I discovered the solution: just run
chcon -t httpd_sys_script_exec_t /var/www/blosxom/bin/blog
. It
turns out the in the latest Fedora SELinux has pretty fine-grained
controls and needs to be told that it’s okay to execute CGI scripts.
Not a big deal, but not friggin’ documented anywhere!
Anyway, if you’ve been having this problem, there’s the solution.