Bug 674415

Summary: Update man page re: httpd_sys_rw_content_t
Product: [Fedora] Fedora
Reporter: Matthew Gillen <me>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: unspecified
Version: 14
CC: dwalsh, mgrepl
Hardware: All   
OS: Linux   
Fixed In Version: selinux-policy-3.9.7-28.fc14
Doc Type: Bug Fix
Last Closed: 2011-02-03 20:26:27 UTC

Description Matthew Gillen 2011-02-01 19:56:11 UTC
Description of problem:
The man page for httpd_selinux incorrectly states that one should use  httpd_sys_content_rw_t for scripts and the daemon to have read/write on a file or directory.  The correct value to use is httpd_sys_rw_content_t (note the location of 'rw' in the string).

It's not a huge deal, since restorecon seems to map the files to the correct (new) values.  However, it seems to make restorecon do more work, since successive 'restorecon -v' invocations will repeatedly print out 'reset' messages.

Version-Release number of selected component (if applicable):
selinux-policy-3.9.7-25.fc14.noarch

Steps to Reproduce:
1.  man httpd_selinux; find httpd_sys_content_rw_t value
2.  semanage fcontext -a -t httpd_sys_content_rw_t "/somedir"
3.  restorecon -v /somedir
4.  restorecon -v /somedir
  
Actual results:
Step 3.  restorecon -v /somedir
   -> restorecon reset /somedir context system_u:object_r:httpd_sys_rw_content_t:s0->system_u:object_r:httpd_sys_content_rw_t:s0
Step 4.  restorecon -v /somedir
   -> restorecon reset /somedir context system_u:object_r:httpd_sys_rw_content_t:s0->system_u:object_r:httpd_sys_content_rw_t:s0

Expected results:
Step 3.  restorecon -v /somedir
   -> restorecon reset /somedir context system_u:object_r:httpd_sys_rw_content_t:s0->system_u:object_r:httpd_sys_content_rw_t:s0
Step 4.  restorecon -v /somedir
  -> (no output)
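
Added example (not part of the original report): a shell helper that compares the captured output of two successive 'restorecon -v' runs and lists the paths that were reset in both, which is the symptom described above. It assumes the output format quoted in the report and paths without whitespace; the function names and the second sample path are illustrative.

```shell
#!/bin/sh
# Added example, not part of the bug report.
# Input lines follow the format quoted in the report:
#   restorecon reset PATH context OLD->NEW
# Assumption: paths contain no whitespace.

# repeated_resets RUN1 RUN2
# RUN1 and RUN2 hold the output of two successive "restorecon -v" runs.
# Prints "PATH OLD_TYPE NEW_TYPE" for each reset that appears in both runs,
# i.e. a relabel that did not stick after the first run.
repeated_resets() {
    awk '
        FNR == 1 { run++ }                       # first line of each input file
        $1 != "restorecon" || $2 != "reset" || $4 != "context" { next }
        {
            if (split($5, ctx, "->") != 2) next  # need OLD->NEW
            split(ctx[1], was, ":"); split(ctx[2], now, ":")
            key = $3 SUBSEP was[3] SUBSEP now[3] # path + old type + new type
            if (run == 1) { seen[key] = 1; next }
            if ((key in seen) && !(key in shown)) {
                shown[key] = 1
                print $3, was[3], now[3]
            }
        }
    ' "$1" "$2"
}

# Constructed sample logs: the /somedir line is the one from the report; the
# /var/www/html/new.txt line is made up to show a normal one-time relabel.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/run1.log" <<'EOF'
restorecon reset /somedir context system_u:object_r:httpd_sys_rw_content_t:s0->system_u:object_r:httpd_sys_content_rw_t:s0
restorecon reset /var/www/html/new.txt context unconfined_u:object_r:user_home_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
EOF
    cat > "$dir/run2.log" <<'EOF'
restorecon reset /somedir context system_u:object_r:httpd_sys_rw_content_t:s0->system_u:object_r:httpd_sys_content_rw_t:s0
EOF
    repeated_resets "$dir/run1.log" "$dir/run2.log"
    rm -rf "$dir"
}
```

A path listed by repeated_resets points at a local file-context rule worth reviewing with 'semanage fcontext -l -C'.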

Comment 1 Daniel Walsh 2011-02-01 22:10:39 UTC
Miroslav, I fixed this in Rawhide. Can you backport to F13/F14?

Comment 2 Miroslav Grepl 2011-02-02 09:44:16 UTC
Fixed in selinux-policy-3.9.7-28.fc14

Comment 3 Fedora Update System 2011-02-02 12:58:14 UTC
selinux-policy-3.9.7-28.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-28.fc14

Comment 4 Fedora Update System 2011-02-02 19:31:27 UTC
selinux-policy-3.9.7-28.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update selinux-policy'.
You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-28.fc14

Comment 5 Fedora Update System 2011-02-03 20:25:35 UTC
selinux-policy-3.9.7-28.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.