Greetings,
I need to run a suid binary from inside a php script, sudo for now, but I
guess it's the same for any binary. The output of the binary is
processed via php and displayed to the user's browser, so I can't find
another way to run it.
The above runs ok with httpd_disable_trans set to 1 _and_ when
httpd_disable_trans is 0 when running a non-suid binary. I'm stuck when
I need to run suid binary and selinux is enabled for apache.
Below is the output from audit2allow. I created a local module policy
but that didn't help. The rules seem to be very generic and I can't
find any connection to the suid binary.
The only thing I can find on the net has to do with cgi and apache
directly calling the binary (suexec), but I need to do it via php (the
whole thing is written in php and there isn't any room left for cgi; at
least it will make it very complicated).
# audit2allow -i /var/log/audit/audit.log
allow httpd_t self:netlink_audit_socket create;
allow httpd_t shadow_t:file read;
allow httpd_t sysctl_fs_t:dir search;
allow httpd_t unconfined_t:key search;
allow httpd_t user_home_t:dir getattr;
allow httpd_t user_home_t:file getattr;
-N.