<div><br>Hi Chris, Jim, I've received the following response from the selinux maillist:<br><br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">
There is no longer a selinux-policy-<targeted<div style="direction: ltr;">/strict/mls>-sources RPM<br>available in FC5. All Policies are build from a selinux-policy.srpm<br>package, which contains all of the policy source files.
<br><br>Happy Day.<br>Thorsten</div></blockquote><div><br>Apparently the sources are not available in FC5. The context of the files is the one you wrote: httpd_sys_script_exec_t, in the cgis and also on the configuration files. The cgis are executed, but aren't able to read the objects configuration. I'm appending the list of the directories requested and a part of the syslog related to AVC. Thanks in advance!
<br><br>MFC<br><br></div><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">[root@localhost nagios]# ls --context /usr/lib/nagios/cgi-bin/<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t
avail.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t cmd.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t config.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t
extinfo.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t histogram.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t history.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t
notifications.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t outages.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t showlog.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t
status.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t statusmap.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t statuswml.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t
statuswrl.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t summary.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t tac.cgi<br>-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t
trends.cgi<br></blockquote></div><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">[root@localhost nagios]# ls --context<br>-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t
bigger.cfg-sample<br>-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t cgi.cfg<br>-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t cgi.cfg-sample<br>-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t
checkcommands.cfg<br>-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t checkcommands.cfg-sample<br>-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t contactgroups.cfg<br>-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t
contacts.cfg<br>-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t hostgroups.cfg<br>-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t hosts.cfg<br>-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t
htpasswd.users<br>-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t minimal.cfg-sample<br>-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t misccommands.cfg<br>-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t
misccommands.cfg-sample<br>-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t nagios.cfg<br>-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t nagios.cfg-sample<br>drwxr-x--- root root system_u:object_r:httpd_sys_script_exec_t private
<br>-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t services.cfg<br>-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t timeperiods.cfg<br>[root@localhost nagios]# ls --context private/<br>-rw-r----- root root system_u:object_r:httpd_sys_script_exec_t
resource.cfg<br>-rw-r----- root root system_u:object_r:httpd_sys_script_exec_t resource.cfg-sample</blockquote><div><br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">
audit(1151073510.912:1650): avc: denied { read } for pid=7942 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
<br>audit(1151073601.054:1651): avc: denied { read } for pid=7999 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
<br>audit(1151073696.660:1652): avc: denied { read } for pid=8037 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
<br>audit(1151073787.393:1653): avc: denied { read } for pid=8067 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
<br>audit(1151073877.523:1654): avc: denied { read } for pid=8108 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
<br>audit(1151073967.653:1655): avc: denied { read } for pid=8203 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
<br></blockquote> </div><br>