Running CGI Scripts With SELinux=ENFORCING With Priviledged Commands …

Home » CentOS » Running CGI Scripts With SELinux=ENFORCING With Priviledged Commands …
CentOS 3 Comments

Hello,

how could it be achieved to run e.g. shutdown -h now from a CGI script on a system where SELinux is set to ENFORCING?

Thanks Walter

3 thoughts on - Running CGI Scripts With SELinux=ENFORCING With Priviledged Commands …

  • Short answer: don’t. You could probably create a custom selinux policy that allowed it but you’d be opening your system up to more security issues.

    If it were me, I’d have the cgi drop a file in a known location, and have an external process (possibly started through cron) monitor the file, then run shutdown conditionally.

  • I thought of such a mechanism; I also want to show some states which also need priviledged rights e.g. arp, iptables -L -n -v, … but these are many write access to the disk, shutdown/restart just generate one write access by the CGI script and the cron job deletes this generated file and does the shutdown or restart

    where is the “best” directory I could do this “communication”?
    e.g. /var/lib/box?

    Thanks, Walter