Description

When a user runs SUEXEC with redirection to a file on a host with SELinux active, the file is created, but contains no output.

Audit logs similar to the following are generated:

type=AVC msg=audit(1499772439.906:276495): avc: denied { write } for
pid=10364 comm="suexec" path="/home/foo/bar" dev="dm-1" ino=20685778
scontext=unconfined_u:unconfined_r:boks_suexec_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

Resolution / Workaround

If redirection fails, try applying the latest BoKS SELinux policy RPM.

Additionally, a workaround for this issue is to use cat instead of redirecting the file directly.

So, instead of running:

suexec program > ~/file.txt


run the following:

suexec program | cat > ~/file.txt

For a more detailed discussion on this issue, see http://danwalsh.livejournal.com/22860.html.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018