Bug 564450
| Field | Value |
|---|---|
| Summary | SELinux is preventing /usr/bin/perl from using potentially mislabeled files /usr/share/bugzilla/graphs. |
| Product | [Fedora] Fedora |
| Component | bugzilla |
| Status | CLOSED RAWHIDE |
| Severity | medium |
| Priority | low |
| Version | 12 |
| Target Milestone | --- |
| Target Release | --- |
| Hardware | i386 |
| OS | Linux |
| Reporter | John Griffiths <fedora.jrg01> |
| Assignee | Emmanuel Seyman <emmanuel> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | dwalsh, emmanuel, itamar, mgrepl |
| Keywords | Reopened |
| Whiteboard | setroubleshoot_trace_hash:9eb44421569ec50d777b5b7025d88091026862f1d53ef27638904a49a25183e9 |
| Doc Type | Bug Fix |
| Story Points | --- |
| Last Closed | 2010-06-01 12:28:42 UTC |
| Type | --- |

Description
John Griffiths
2010-02-12 19:29:49 UTC
This looks like local customization. If bugzilla needs to write to this directory it should be under /var/lib/bugzilla. Or you can change the labeling of the /usr/share/bugzilla/graphs directory

    semanage fcontext -a -e /var/lib/bugzilla /usr/share/bugzilla/graphs

Reopen this if it is not a local customization.

This was a straight installation from Fedora repository.

What package owns /usr/share/bugzilla/graphs?

    rpm -qf /usr/share/bugzilla/graphs

It shows up as not owned by any package, but so do a lot of other files and directories. I think they are created when bugzilla is installed or when ./checksetup.pl is run. I checked two different bugzilla installations on Fedora 12 servers. Neither server had any customization done by hand.

Here is a list of files not owned by any package that are in the /usr/share/bugzilla directory.

    file /usr/share/bugzilla/graphs is not owned by any package
    file /usr/share/bugzilla/contrib/.htaccess is not owned by any package
    file /usr/share/bugzilla/.htaccess is not owned by any package
    file /usr/share/bugzilla/template/.htaccess is not owned by any package
    file /usr/share/bugzilla/lib is not owned by any package
    file /usr/share/bugzilla/lib/.htaccess is not owned by any package
    file /usr/share/bugzilla/docs is not owned by any package
    file /usr/share/bugzilla/extensions is not owned by any package
    file /usr/share/bugzilla/Bugzilla/.htaccess is not owned by any package
    file /usr/share/bugzilla/t/.htaccess is not owned by any package
    file /usr/share/bugzilla/skins/custom is not owned by any package
    file /usr/share/bugzilla/skins/custom/panel.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/global.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/voting.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/params.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/admin.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/summarize-time.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/dependency-tree.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/yui is not owned by any package
    file /usr/share/bugzilla/skins/custom/yui/calendar.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/create_attachment.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/duplicates.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/editusers.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/show_bug.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/release-notes.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/index.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/show_multiple.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/IE-fixes.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/buglist.css is not owned by any package
    file /usr/share/bugzilla/skins/custom/help.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/panel.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/voting.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/params.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/admin.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/summarize-time.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/dependency-tree.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/yui is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/yui/calendar.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/create_attachment.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/duplicates.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/editusers.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/show_bug.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/release-notes.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/show_multiple.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/IE-fixes.css is not owned by any package
    file /usr/share/bugzilla/skins/contrib/Dusk/help.css is not owned by any package

I guess the question then, is what is the cgi script trying to write in that directory. Does it create the .htaccess file?

The .htaccess file was created but whether it was created by the cgi script, I do not know. The only thing I ever see being put into /usr/share/bugzilla/graphs are png files when the "Old Charts" is selected and run from the Bugzilla reports page.

I did a

    chcon -t httpd_bugzilla_content_rw_t /usr/share/bugzilla/graphs

and no longer get the sealert, but that is obviously a workaround.

Taking this one.

I've submitted a fix upstream. If this is accepted, I'll release a fix on Fedora.

http://koji.fedoraproject.org/koji/taskinfo?taskID=2221992

Coming soon to a rawhide mirror near you.
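
The `chcon` workaround from the thread next to a persistent rule, as an added example that is not part of the bug report or the bugzilla package. It uses an explicit type rule with the type quoted in the `chcon` comment instead of the `-e` equivalence also suggested above; the function names and the `APPLY` switch are hypothetical.

```sh
#!/bin/sh
# Added example (not from the bug thread): make the graphs label persistent
# instead of relying on chcon, whose label is reset by restorecon or a relabel.
# DIR and TYPE are the values quoted in the thread; function names are hypothetical.
DIR=${DIR:-/usr/share/bugzilla/graphs}
TYPE=${TYPE:-httpd_bugzilla_content_rw_t}

# Extract the type field from a context such as system_u:object_r:usr_t:s0.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Build the file-context regex covering a directory and everything below it.
# Trailing slashes are dropped and regex metacharacters '.' and '+' escaped.
fcontext_spec() {
    d=$(printf '%s' "$1" | sed -e 's:/*$::' -e 's/[.+]/\\&/g')
    printf '%s(/.*)?\n' "$d"
}

# Return 0 when the on-disk type differs from what policy would assign,
# i.e. the label came from chcon and will not survive a relabel.
label_is_transient() {
    [ "$(ctx_type "$1")" != "$(ctx_type "$2")" ]
}

# Inspect DIR, then add the rule and relabel. Needs root on an SELinux host.
fix_label() {
    ondisk=$(stat -c %C "$1") || return 1
    policy=$(matchpathcon -n "$1") || return 1
    if label_is_transient "$ondisk" "$policy"; then
        echo "on-disk $(ctx_type "$ondisk") != policy $(ctx_type "$policy")"
    fi
    semanage fcontext -a -t "$2" "$(fcontext_spec "$1")" &&
        restorecon -R -v "$1" &&
        matchpathcon -V "$1"
}

# Run only when asked, so sourcing the file for its helpers has no side effects.
if [ "${APPLY:-0}" = 1 ]; then
    fix_label "$DIR" "$TYPE"
fi
```

After `fix_label` succeeds, `matchpathcon -V` reports the directory as verified, which is the check that separates a policy-backed label from one set only with `chcon`.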