Bug 522897
| Summary: | Unable To Upload Images To /usr/share/wordpress/wp-content/uploads/ | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Bob Cochran <cochranb> |
| Component: | wordpress | Assignee: | Gwyn Ciesla <gwync> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 15 | CC: | adrian, dwalsh, giallu, john, matthias, mcepl, mcepl, mgrepl, nathaniel |
| Target Milestone: | --- | Keywords: | SELinux |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | wordpress-3.1.4-1.fc14 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-06-21 17:14:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Bob Cochran
2009-09-12 02:12:42 UTC
Miroslav add the following labeling to F11. /usr/share/wordpress/wp-content/uploads(/.*)? system_u:object_r:httpd_sys_content_rw_t:s0 But I agree that we should not have writable files under /usr. /usr should be read/only whenever possible. Putting the content under /var/www/html/wordpress would make sense. Can the labelling be done in F12 also? I do have the F12 Alpha running and I'm going to play with it on Sunday. I'll file a bug against this for rawhide if you would like. Bob I always put any fix for the current released Fedora into Rawhide. No need for a separate bugzilla. The tabeling was added to selinux-policy-3.6.12-83.fc11.noarch Ok, hitting the same issue here; I agree keeping the upload dir in /usr is not a good thing, but isn't /var/www supposed to be read only as well? I would argue /var means variable, so while most of /var/www is readonly, I have no problems allowing read/write content anywhere under /var This message is a reminder that Fedora 11 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 11. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '11'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 11's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 11 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. This message is a reminder that Fedora 12 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 12. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '12'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 12's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 12 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping This is quite an easy fix. Move wp-content to /var/www/wordpress (which should get the labelling correct by default, I think) and edit the WP_CONTENT_DIR definition in /usr/share/wordpress/wp-includes/default-constants.php. This bug affects other things as well, like multi-user wordpress (which requires a writable directory in wp-contents). (In reply to comment #10) > This is quite an easy fix. Move wp-content to /var/www/wordpress (which should > get the labelling correct by default, I think) and edit the WP_CONTENT_DIR > definition in /usr/share/wordpress/wp-includes/default-constants.php. > > This bug affects other things as well, like multi-user wordpress (which > requires a writable directory in wp-contents). Please review suggested patch in http://pkgs.fedoraproject.org/gitweb/?p=wordpress.git;a=commitdiff;h=effc25273226e891448d8b596e7c7b1db9de6018 (koji build http://koji.fedoraproject.org/koji/taskinfo?taskID=3092834). Looks good. One question however is what the permissions are on /var/www/wordpress? Should this directory be writable by default? I'm guessing yes, and that with wordpress being under selinux by default the risk should be pretty low... (In reply to comment #12) > Looks good. One question however is what the permissions are on > /var/www/wordpress? Should this directory be writable by default? I'm guessing > yes, and that with wordpress being under selinux by default the risk should be > pretty low... What about chmod 664 files and group apache? Although, do you know what group runs lightppd under? Wordpress is supposed to be compatible with it, right? Adding lighttpd maintainer to CC to help us. wordpress-3.1.3-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/wordpress-3.1.3-2.fc15 wordpress-3.1.3-2.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/wordpress-3.1.3-2.el5 wordpress-3.1.3-2.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/wordpress-3.1.3-2.fc13 wordpress-3.1.3-2.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/wordpress-3.1.3-2.fc14 wordpress-3.1.3-2.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/wordpress-3.1.3-2.el6 wordpress-3.1.3-3.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/wordpress-3.1.3-3.el5 wordpress-3.1.3-3.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/wordpress-3.1.3-3.el6 wordpress-3.1.3-3.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/wordpress-3.1.3-3.fc13 wordpress-3.1.3-3.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/wordpress-3.1.3-3.fc14 wordpress-3.1.3-3.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/wordpress-3.1.3-3.fc15 And all those updates are in vain for this bug (sorry, for screwing fedpkg update) ... in the end I have not managed to make wordpress moving with Patch 1 applied. If you can do it, please do so. Respectively, I am able to upload images to wp-content/uploads (because SELinux policy has been changed), but I haven't been able to move wp-content to /var/www/wordpress. Package wordpress-3.1.3-3.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing wordpress-3.1.3-3.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/wordpress-3.1.3-3.fc15 then log in and leave karma (feedback). Package wordpress-3.1.3-3.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing wordpress-3.1.3-3.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/wordpress-3.1.3-3.el6 then log in and leave karma (feedback). wordpress-3.1.3-3.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. wordpress-3.1.4-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/wordpress-3.1.4-1.fc14 wordpress-3.1.4-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/wordpress-3.1.4-1.fc15 wordpress-3.1.4-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/wordpress-3.1.4-1.el6 wordpress-3.1.4-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. wordpress-3.1.4-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. wordpress-3.1.4-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. |