seLinux practices the silent treatment – If you would only just tell me what’s wrong I would fix it

Written by James McDonald

July 14, 2017

I have a html form that posts to a Perl CGI script. The script then loops and creates a CSV that is then piped to glabels-3-batch to create a PDF file of labels which lpr then sends to a printer.

I found if I select to create 26 labels the script worked but above 26 I got an error log as follows

[Fri Jul 14 14:09:09.209095 2017] [cgi:error] [pid 11735] [client 127.0.0.1:33956] End of script output before headers: glabels-crossdock-labels.pl, referer: http://jmits.dev/wms/PrintLabels/crossdock_labels

When I set seLinux to stop enforcing it’s policies with setenforce 0 the script would work

But there was nothing in the /var/log/audit/audit.log to show the denial.

So from Redhat seLinux Documentation came the help to fix it.

So first set seLinux back to enforcing

setenforce 1

Set seLinux to show all errors

sudo semodule -DB

Run the web page that triggers the POST to the Perl Script that is erroring out

Then search /var/log/audit/audit.log to find the problem

ausearch -c glabels-crossdo -r | audit2allow -M my-glabels

sudo semodule -X 300 -i my-glabels.pp

 

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

You May Also Like…