Bug 164866
Summary: | default SELinux context of /var/cache/php-eaccelerator incorrect | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ian Neubert <ian> |
Component: | php-eaccelerator | Assignee: | Matthias Saou <matthias> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | CC: | extras-qa, omega13a |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-12-20 14:01:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ian Neubert
2005-08-02 01:41:30 UTC
What is the proper way to solve this within the package? I really don't know, myself, and already asked in #150292 (same issue with mmcache) and never got an answer. Insight would be very welcome... /var/cache/php-eaccelerator(/.*)? system_u:object_r:httpd_cache_t The policy has to be changed to add a line such as the above. I'll send Dan and email and CC fedora-selinux-list. In future just file bug reports against the SE Linux policy package in question. Note that we won't be making huge changes to SE Linux policy for things in extras (IE no changes that break other things). Also the priority of the policy changes will not be as high as it would be for a Fedora Core package. But it will get included in future releases. Thanks a lot for the information, I wasn't sure where that needed to be changed. Would it be possible to also spool an update for Fedora Core 3 for /var/cache/php-mmcache(/.*)? then? This would fix #150292. As mmcache isn't maintained anymore, and eaccelerator replaces it (but with different PHP function names, so it can't be dropped in as a replacement), it's not needed for FC4. If the policy change above will also be pushed to FC3, another option would be for me to rebuild mmcache packages that use the /var/cache/php-eaccelerator/ directory instead. Shouldn't be a problem at all doing so. (In reply to comment #2) > Note that we won't be making huge changes to SE Linux policy for things in > extras (IE no changes that break other things). Also the priority of the > policy changes will not be as high as it would be for a Fedora Core package. > But it will get included in future releases. As a workaround can a package issue the chcon command to make its own changes? Or is that not the Right Thing to do? I'm curious as to what the Fedora policy is on this kind of thing for when I write my own packages. The chcon command appears to work as that now my /var/cache/php-eaccelerator directory is full of cached scripts (before there were none)... On my current FC4 system, I have both : /var/cache/php-eaccelerator(/.*)? system_u:object_r:httpd_cache_t /var/cache/php-mmcache(/.*)? system_u:object_r:httpd_cache_t Inside /etc/selinux/targeted/contexts/files/file_contexts. Could you confirm that it now works by default with this? |