Bug 463191
Summary: | denyhosts sets incorrect selinux file label on /etc/hosts.deny which prevents other servers from accessing it | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | jonathan | ||||
Component: | denyhosts | Assignee: | Jason Tibbitts <j> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | rawhide | CC: | dennis, jonathan | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-09-22 15:35:33 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
jonathan
2008-09-22 15:20:21 UTC
This is indeed a dup of 212771. Your plugin is a good idea but unfortunately this is not really fixable without significant changes to the underlying selinux system. I am not well versed in selinux and have not been successful in getting the selinux folks to take an interest in this issue. Honestly I don't know that the problem is really even properly solvable under the selinux framework. It seems to me that the best solution would be to make tcp_wrappers look in a directory for hosts.deny files which could then each have the proper context. You are welcome to file a ticket against the selinux policy. I'll be happy to include your plugin in the Fedora denyhosts package. *** This bug has been marked as a duplicate of bug 212771 *** See also the thread beginning here: https://www.redhat.com/archives/fedora-selinux-list/2007-September/msg00050.html Including the plugin would be great, as then I would not have to verify that my custom plugin is included whenever there are updates to denyhosts. I'll look at filing a report against selinux policy and see what happens. |