By following this link I am able to just turn SELinux off completely from my Fedora 14.
But I wonder how could I disable SELinux only for the httpd daemon? I don't have system-config-selinux installed and due to company firewall policy I have got to search for the RPMs from pkgs.org in order to install any package. So is there a way to get this sorted out?
Edit:
Summary:
SELinux is preventing /opt/ibm/cognos/c10/cgi-bin/cognos.cgi "execute" access to
/opt/ibm/cognos/c10/cgi-bin/libIBJStreamsDLL.so.
Detailed Description:
SELinux denied access requested by /opt/ibm/cognos/c10/cgi-bin/cognos.cgi.
/opt/ibm/cognos/c10/cgi-bin/cognos.cgi is mislabeled.
/opt/ibm/cognos/c10/cgi-bin/cognos.cgi default SELinux type is bin_t, but its
current type is bin_t. Changing this file back to the default type, may fix your
problem.
If you believe this is a bug, please file a bug report against this package.
Allowing Access:
You can restore the default system context to this file by executing the
restorecon command. restorecon '/opt/ibm/cognos/c10/cgi-bin/cognos.cgi'.
Fix Command:
/sbin/restorecon '/opt/ibm/cognos/c10/cgi-bin/cognos.cgi'
Additional Information:
Source Context unconfined_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:usr_t:s0
Target Objects /opt/ibm/cognos/c10/cgi-bin/libIBJStreamsDLL.so [
file ]
Source cognos.cgi
Source Path /opt/ibm/cognos/c10/cgi-bin/cognos.cgi
Port <Unknown>
Host mm2fedora.syd.cog
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.9.7-3.fc14
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name restore_source_context
Host Name mm2fedora.syd.cog
Platform Linux mm2fedora.syd.cog 2.6.35.6-45.fc14.i686 #1
SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686
Alert Count 18
First Seen Fri 15 Apr 2011 02:12:44 PM EST
Last Seen Fri 15 Apr 2011 02:33:11 PM EST
Local ID 409e250f-049f-49c0-89f6-7155e4643868
Line Numbers
Raw Audit Messages
node=mm2fedora.syd.cog type=AVC msg=audit(1302841991.999:22392): avc: denied { execute } for pid=28242 comm="cognos.cgi" path="/opt/ibm/cognos/c10/cgi-bin/libIBJStreamsDLL.so" dev=dm-0 ino=138263 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
node=mm2fedora.syd.cog type=SYSCALL msg=audit(1302841991.999:22392): arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=1bc08 a2=5 a3=802 items=0 ppid=27923 pid=28242 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=1 comm="cognos.cgi" exe="/opt/ibm/cognos/c10/cgi-bin/cognos.cgi" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
As advised I run the suggested fix command: /sbin/restorecon '/opt/ibm/cognos/c10/cgi-bin/cognos.cgi'
many times but unfortunately. by disabling SELinux completely I can see this web app works. I am researching on this topic myself right now like how to enable SELinux globally while only disabling it for httpd. Must not be the best approach but since this is only a test case that would be just fine for me and my team.
The hint I got from Fedora 13's SELinux FAQ is here so I personally believe there is a way with system-config-selinux, I just don't know the details…
Best Answer
Converting my earlier comment into an answer, to popular demand ;)