Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Last revision Both sides next revision
documentation:2.1:external2f [2019/02/16 22:57]
cmaudoux [Configuration]
documentation:2.1:external2f [2019/05/09 16:41]
maxbes
Line 18: Line 18:
  
 <note important>​The command line is split in an array and launched with exec(). So you don't need to enclose arguments in ""​ and this feature protects your system against shell injection. However, you can not use any space except to separate arguments.</​note>​ <note important>​The command line is split in an array and launched with exec(). So you don't need to enclose arguments in ""​ and this feature protects your system against shell injection. However, you can not use any space except to separate arguments.</​note>​
 +
 +=== SELinux note ===
 +
 +If your server is enforcing SELinux policies, make sure your external script has a label that is allowed to be executed by ''​httpd''​.
 +
 +For example, storing your script in ''/​usr/​local/​bin/''​ will give it a ''​bin_t''​ label that will work correctly.
 +
 +If your script has a ''​httpd_sys_script_exec_t''​ type, it will only be able to do external network requests if the SELinux boolean ''​httpd_can_network_connect''​ is enabled.
 +
 +If your script has any other label, it will probably not work at all.