Robert A. Uhl

Apache, SELinux and CGI scripts

Tonight I upgraded to Fedora 10, which was relatively less painful than such upgrades have been in the past. One big problem, though, was getting Blosxom working. Try as I might, I kept on getting errors in /var/log/httpd/error_log stating Permission denied: exec of '/var/www/blosxom/bin/blog' failed.

After lots of playing around, I discovered the solution: just run chcon -t httpd_sys_script_exec_t /var/www/blosxom/bin/blog. It turns out the in the latest Fedora SELinux has pretty fine-grained controls and needs to be told that it’s okay to execute CGI scripts. Not a big deal, but not friggin’ documented anywhere!

Anyway, if you’ve been having this problem, there’s the solution.


Share