I am running a python script as Apache CGI in ~/www/sitename/python/index.py. All was working fine in F7 and F8 until selinux-policy-3.0.8-58 arrived in updates. I've only now had time to look at this and am not sure what the problem might be.
Apache error log reads: [error] [client 127.0.0.1] python: can't open file '/home/user/www/sitename/python/index.py': [Errno 13] Permission denied
/var/log/messages: setroubleshoot: #012 SELinux is preventing the python from using potentially mislabeled files <Unknown> (user_home_dir_t).#012 For complete SELinux messages. run sealert -l 3506ffc2-aeb9-493c-b2f1-f579479c7ed5
The script is labelled user_u:object_r:httpd_sys_content_t, I've also tried httpd_sys_script_exec_t but get the same error.
Labelling as httpd_unconfined_script_exec_t DOES work, as do other (non-CGI) pages. There don't seem to be any changes in the changelogs for -57 and -58 which would affect this... any ideas?
* Fri Nov 16 2007 Dan Walsh dwalsh@redhat.com 3.0.8-58 - Allow nmbd to list inotifyfs_t - Dontaudit consolekit access to user homedir - dontaudit nscd getserv and shmemserv - Allow rsync_t dac overrides - Allow xfs_t to listen to sockets
* Fri Nov 16 2007 Dan Walsh dwalsh@redhat.com 3.0.8-57 - Allow lvm to search mnt - Add booleans for xguest account xguest_mount_media xguest_connect_network xguest_use_bluetooth
selinux@lists.fedoraproject.org