seLinux practices the silent treatment – If you would only just tell me what’s wrong I would fix it

Written by James McDonald

July 14, 2017

I have a html form that posts to a Perl CGI script. The script then loops and creates a CSV that is then piped to glabels-3-batch to create a PDF file of labels which lpr then sends to a printer.

I found if I select to create 26 labels the script worked but above 26 I got an error log as follows

[Fri Jul 14 14:09:09.209095 2017] [cgi:error] [pid 11735] [client 127.0.0.1:33956] End of script output before headers: glabels-crossdock-labels.pl, referer: http://jmits.dev/wms/PrintLabels/crossdock_labels

When I set seLinux to stop enforcing it’s policies with setenforce 0 the script would work

But there was nothing in the /var/log/audit/audit.log to show the denial.

So from Redhat seLinux Documentation came the help to fix it.

So first set seLinux back to enforcing

setenforce 1

Set seLinux to show all errors

sudo semodule -DB

Run the web page that triggers the POST to the Perl Script that is erroring out

Then search /var/log/audit/audit.log to find the problem

ausearch -c glabels-crossdo -r | audit2allow -M my-glabels

sudo semodule -X 300 -i my-glabels.pp

 

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Squarespace Image Export

To gain continued access to your Squarespace website images after cancelling your subscription you have several...

MySQL 8.x GRANT ALL STATEMENT

-- CREATE CREATE USER 'tgnrestoreuser'@'localhost' IDENTIFIED BY 'AppleSauceLoveBird2024'; GRANT ALL PRIVILEGES ON...

Exetel Opt-Out of CGNAT

If your port forwards and inbound and/or outbound site-to-site VPN's have failed when switching to Exetel due to their...