Bug 1301186
Summary: | Mediawiki 1.26.X require additional rules. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Frank Büttner <bugzilla> |
Component: | selinux-policy | Assignee: | Simon Sekidde <ssekidde> |
Status: | CLOSED ERRATA | QA Contact: | Jan Zarsky <jzarsky> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 7.2 | CC: | jzarsky, lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.13.1-80.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-04 02:40:44 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Frank Büttner
2016-01-22 19:45:52 UTC
Hi Frank, could you try to label it using # chcon -t mediawiki_script_exec_t /var/www/wiki/html/wiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize and re-test it? 1. semodule -P -r myfix 2. chcon -t mediawiki_script_exec_t 3. edit in the wiki. result: Syntax highlight don't work. audit: type=AVC msg=audit(1455299306.250:7632): avc: denied { read } for pid=706 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1455299306.250:7632): arch=c000003e syscall=2 success=no exit=-13 a0=7f8ae84ee4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=706 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null) type=AVC msg=audit(1455299306.286:7633): avc: denied { read } for pid=707 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1455299306.286:7633): arch=c000003e syscall=2 success=no exit=-13 a0=7f037066f4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=707 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null) type=AVC msg=audit(1455299306.316:7634): avc: denied { read } for pid=708 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1455299306.316:7634): arch=c000003e syscall=2 success=no exit=-13 a0=7f87a762b4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=708 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null) type=AVC msg=audit(1455299306.352:7635): avc: denied { read } for pid=709 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1455299306.352:7635): arch=c000003e syscall=2 success=no exit=-13 a0=7f8220d2a4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=709 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null) type=AVC msg=audit(1455299306.384:7636): avc: denied { read } for pid=710 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1455299306.384:7636): arch=c000003e syscall=2 success=no exit=-13 a0=7f0d237de4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=710 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null) type=AVC msg=audit(1455299306.417:7637): avc: denied { read } for pid=711 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1455299306.417:7637): arch=c000003e syscall=2 success=no exit=-13 a0=7f878996a4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=711 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null) type=AVC msg=audit(1455299306.451:7638): avc: denied { read } for pid=712 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1455299306.451:7638): arch=c000003e syscall=2 success=no exit=-13 a0=7fe13f90d4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=712 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null) type=AVC msg=audit(1455299306.486:7639): avc: denied { read } for pid=713 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1455299306.486:7639): arch=c000003e syscall=2 success=no exit=-13 a0=7f4879fae4a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=713 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null) type=AVC msg=audit(1455299306.519:7640): avc: denied { read } for pid=714 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1455299306.519:7640): arch=c000003e syscall=2 success=no exit=-13 a0=7f1bbe8594a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=714 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null) type=AVC msg=audit(1455299306.551:7641): avc: denied { read } for pid=715 comm="python" name="passwd" dev="vda2" ino=397421 scontext=system_u:system_r:mediawiki_script_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1455299306.551:7641): arch=c000003e syscall=2 success=no exit=-13 a0=7fe289c624a2 a1=80000 a2=1b6 a3=24 items=0 ppid=12185 pid=715 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:mediawiki_script_t:s0 key=(null) return to: 1. restorecon pygmentize 2. semodule -P -i myfix 3. edit in the wiki result: Syntax highlight work and no audit messages. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2283.html |