Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

httpd_suexec_disable_trans

Just installed FC16, trying to get httpd to execute scripts from my home directory (I'm the only user of this machine) with SELinux active. I've gotten to the point where httpd (Apache 2.2) is complaining about suexec. SELinux alert follows:

SELinux is preventing /usr/sbin/suexec from using the dac_override capability

Suggestions from the web (including Fedora docs for earlier releases) say to set httpd_suexec_disable_trans. But...

[root@NorvMaster nepr]# setsebool -P httpd_suexec_disable_trans 1 libsemanage.dbase_llist_set: record not found in the database libsemanage.dbase_llist_set: could not set record value Could not change boolean httpd_suexec_disable_trans Could not change policy booleans

getsebool list does not show an httpd_suexec_disable_trans entry. I can't find anything about how to do what httpd_suexec_disable_trans 1 would, presumably, do.

I'm about to turn SELinux off, so this isn't urgent; just a feeble attempt on my part to do what's, again presumably, right.

Thanks,

Norvel

httpd_suexec_disable_transcan't set httpd_suexec_disable_trans

Just installed FC16, trying to get httpd to execute scripts from my home directory (I'm the only user of this machine) with SELinux active. I've gotten to the point where httpd (Apache 2.2) is complaining about suexec. SELinux alert follows:

SELinux is preventing /usr/sbin/suexec from using the dac_override capability

Suggestions from the web (including Fedora docs for earlier releases) say to set httpd_suexec_disable_trans. But...

[root@NorvMaster nepr]# setsebool -P httpd_suexec_disable_trans 1 libsemanage.dbase_llist_set: record not found in the database libsemanage.dbase_llist_set: could not set record value Could not change boolean httpd_suexec_disable_trans Could not change policy booleans

getsebool list does not show an httpd_suexec_disable_trans entry. I can't find anything about how to do what httpd_suexec_disable_trans 1 would, presumably, do.

I'm about to turn SELinux off, so this isn't urgent; just a feeble attempt on my part to do what's, again presumably, right.

Thanks,

Norvel