SELinux not allowing my Perl CGI full access?
I run Fedora 9 with with Apache and Perl. When I got to http://mywebsite/cgi-bin/pb.cgi, it doesn't work properly. My script uses curl to access a website, and it works, but when I look at it from localhost, it only outputs statements like print "test"; My curl doesn't output, and I don't think it is running. SELinux is causing the problem. It issues 3 denials every time I run the script. Here is what it says:
SELinux prevented httpd reading and writing access to http files. Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, this requires explicit labeling of all files. If a file is a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order to be executed. If it is read-only content, it needs to be labeled httpd_TYPE_content_t, it is writable content. it needs to be labeled httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the chcon command to change these contexts. Please refer to the man page "man httpd_selinux" or FAQ "TYPE" refers to one of "sys", "user" or "staff" or potentially other script types.
that one is stupid because i have httpd_unified ON!
SELinux is preventing pb.cgi (httpd_sys_script_t) "create" to <Unknown> (httpd_sys_script_t). SELinux denied access requested by pb.cgi. It is not expected that this access is required by pb.cgi and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
SELinux is preventing pb.cgi (httpd_sys_script_t) "getsched" to <Unknown> (httpd_sys_script_t).
I don't get what those mean! I know my script is trying to write to a cookie file, and I don't know how to let it do that, but I don't know what the other ones mean. If you need me to post my script, I will.