Bug 375651

Summary: policy break bugzilla (3.0.2-0.fc8)
Product: [Fedora] Fedora Reporter: Féliciano Matias <feliciano.matias>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact: Ben Levenson <benl>
Severity: low Docs Contact:
Priority: low    
Version: 8Keywords: Reopened
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: 3.0.8-54.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-17 19:57:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
avc errors (uniq)
none
Rules created by autid2allow
none
avc error (uniq)
none
Rules created by autid2allow
none
dump of getsebool -a
none
bugzilla configuration none

Description Féliciano Matias 2007-11-11 10:00:23 UTC 
Description of problem:

In selinux enforcement mode, bugzilla can not work.


Version-Release number of selected component (if applicable):

selinux-policy-targeted-3.0.8-47.fc8
bugzilla-3.0.2-0.fc8


How reproducible:

always.


Steps to Reproduce:
1.Installe bugzilla.
2.Use it.
  

Actual results:

Does not work.


Expected results:

Should work.


Additional info:
Bugzilla configured to use PostgreSQL.
Comment 1 Féliciano Matias 2007-11-11 10:00:23 UTC 
Created attachment 254331 [details]
avc errors (uniq)
Comment 2 Féliciano Matias 2007-11-11 10:03:56 UTC 
Created attachment 254341 [details]
Rules created by autid2allow

A work around.
Comment 3 Féliciano Matias 2007-11-11 10:11:59 UTC 
Comment of https://bugzilla.redhat.com/show_bug.cgi?id=375651#c1 is :
avc errors (uniq)
Comment 4 Féliciano Matias 2007-11-11 11:43:13 UTC 
Unconfirmed bug.
Sorry but I begin with Selinux.
I would play with system-config-selinux or setsebool before confirming this bug.
Status change to close/INSUFFICIENT_DATA.
Comment 5 Féliciano Matias 2007-11-11 16:09:31 UTC 
I adjusted some selinux booleans. But it's not enought.
Comment 6 Féliciano Matias 2007-11-11 16:11:28 UTC 
Created attachment 254691 [details]
avc error (uniq)
Comment 7 Féliciano Matias 2007-11-11 16:12:50 UTC 
Created attachment 254701 [details]
Rules created by autid2allow

A work around.
Comment 8 Féliciano Matias 2007-11-11 16:14:02 UTC 
Created attachment 254711 [details]
dump of getsebool -a
Comment 9 Féliciano Matias 2007-11-11 16:15:42 UTC 
Created attachment 254721 [details]
bugzilla configuration 

/etc/bugzilla/localconfig
Comment 10 Daniel Walsh 2007-11-12 20:14:42 UTC 
Fixed in selinux-policy-3.0.8-53.fc8
Comment 11 Daniel Walsh 2007-11-12 20:34:16 UTC 
The current policy assumes that you will be using named pipes to communicate
with a local mysql or postgres database.
Comment 12 Féliciano Matias 2007-11-15 01:39:26 UTC 
This seems to work but I should do more test (I don't have enough time right
now). I'll close the bug a little later after more test. Tested with
selinux-policy-3.0.8-54.fc8

> The current policy assumes that you will be using named pipes to communicate
with a local mysql or postgres database.

If I remember correctly, the default configuration for
allow_user_postgresql_connect is off. That's why I have connected to PostgreSQL
thru 127.0.0.1.
Comment 13 Féliciano Matias 2007-11-17 19:57:20 UTC 
Tested with selinux-policy-3.0.8-54.fc8, things seems to work well.
Bug closed.