seLinux practices the silent treatment – If you would only just tell me what’s wrong I would fix it

Written by James McDonald

July 14, 2017

I have a html form that posts to a Perl CGI script. The script then loops and creates a CSV that is then piped to glabels-3-batch to create a PDF file of labels which lpr then sends to a printer.

I found if I select to create 26 labels the script worked but above 26 I got an error log as follows

[Fri Jul 14 14:09:09.209095 2017] [cgi:error] [pid 11735] [client 127.0.0.1:33956] End of script output before headers: glabels-crossdock-labels.pl, referer: http://jmits.dev/wms/PrintLabels/crossdock_labels

When I set seLinux to stop enforcing it’s policies with setenforce 0 the script would work

But there was nothing in the /var/log/audit/audit.log to show the denial.

So from Redhat seLinux Documentation came the help to fix it.

So first set seLinux back to enforcing

setenforce 1

Set seLinux to show all errors

sudo semodule -DB

Run the web page that triggers the POST to the Perl Script that is erroring out

Then search /var/log/audit/audit.log to find the problem

ausearch -c glabels-crossdo -r | audit2allow -M my-glabels

sudo semodule -X 300 -i my-glabels.pp

 

 

0 Comments

Submit a Comment

Your email address will not be published.

You May Also Like…

ZPL SBPL

Zebra Printer Language http://labelary.com/viewer.html The above website has a page where you can enter ZPL and it...

PHP Iterators

Just came across a Youtube talk "Iterators in PHP" by Jake Smith published in 2014 that steps through the many...

PHP array_map Multiple Arrays

array_map can take multiple arrays. I like how it starts mapping through them starting at the first element of each...