Bug 150292
| Summary: | Generates errors on SELinux targeted policy | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Karl Vogel <karl.vogel> |
| Component: | php-mmcache | Assignee: | Matthias Saou <matthias> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-12-20 14:01:36 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since I haven't played a lot with selinux yet, I don't know if it is possible to have files labeled automatically when packages are installed, or if this needs to be all known ahead of time inside the policy chosen. Do you have any insight on this? It would definitely be very welcome. I also really need to force myself to use SELinux on more systems. This should be solved already. See bug #164866 for more details. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1 Description of problem: When running SELinux targeted policy (selinux-policy-targeted-1.17.30-2.83.noarch.rpm) MMCache generates errors as it can't write to the cache directory. Labeling the /var/cache/php-mmcache directory as httpd_cache_t solves the issue. # chcon -R system_u:object_r:httpd_cache_t php-mmcache Version-Release number of selected component (if applicable): php-mmcache-4.3.10_2.4.6-5 How reproducible: Always Steps to Reproduce: 1. install SELinux targeted policy 2. setenforce 1 to enable SELinux 3. surf to php-mmcache'd pages Actual Results: Following SELinux errors are logged: audit(1109931714.387:0): avc: denied { write } for pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir audit(1109931714.700:0): avc: denied { write } for pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir audit(1109931714.748:0): avc: denied { write } for pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir audit(1109931715.302:0): avc: denied { write } for pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir Expected Results: No errors. Additional info: