CentOS 6.5, current.
ll -aZ /.../apps/trac/<proj>/cgi-bin/
drwxr-xr-x. apache root system:object_r:httpd_sys_script_exec_t:s0 .
drwxr-xr-x. apache root system:object_r:httpd_sys_content_t:s0 ..
-rwxr-xr-x. apache root system:object_r:httpd_sys_script_exec_t:s0 trac.cgi
-rwxr-xr-x. apache root system:object_r:httpd_sys_script_exec_t:s0 trac.fcgi
-rwxr-xr-x. apache root system:object_r:httpd_sys_script_exec_t:s0 trac.wsgi
httpd_enable_cgi --> on
Name : selinux-policy-targeted
Version : 3.7.19
Release : 231.el6
From the sealert:
SELinux is preventing /usr/bin/python from
ioctl access on the file
/public/apps/trac/PLT/cgi-bin/trac.cgi.
***** Plugin restorecon (94.8 confidence) suggests
*************************
If you want to fix the label.
/<...>/apps/trac/<...>/cgi-bin/trac.cgi default label should be
httpd_sys_script_exec_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /public/apps/trac/PLT/cgi-bin/trac.cgi
mark