1148425 – graphite-web needs type "httpd_sys_rw_content_t" for files in "/var/lib/graphite-web(/.*)?"

Bug 1148425 - graphite-web needs type "httpd_sys_rw_content_t" for files in "/var/lib/graphite-web(/.*)?"

Summary: graphite-web needs type "httpd_sys_rw_content_t" for files in "/var/lib/graph...

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-10-01 12:36 UTC by Jamie Nguyen
Modified:	2014-10-03 12:32 UTC (History)
CC List:	1 user (show)
Fixed In Version:	selinux-policy-3.13.1-85.fc22
Clone Of:
Environment:
Last Closed:	2014-10-03 12:32:37 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jamie Nguyen 2014-10-01 12:36:51 UTC

The graphite-web package builds a graphite-web-selinux subpackage that runs this in %post:

  semanage fcontext -a -t httpd_sys_rw_content_t \
      '%{_localstatedir}/lib/graphite-web(/.*)?'
  restorecon -R %{_localstatedir}/lib/graphite-web

Obviously this is less than ideal.


Could we please have this committed to selinux policy on all branches (f22, f21, f20, f19, epel7, el6, el5)?

We can then get rid of this subpackage (and the dependency on policycoreutils-python).

Comment 1 Miroslav Grepl 2014-10-03 12:32:37 UTC

commit edc52a9173f3fea2568095e847535db97111cb55
Author: Miroslav Grepl <mgrepl>
Date:   Fri Oct 3 14:23:38 2014 +0200

    Add support for /var/lib/graphite-web

Note You need to log in before you can comment on or make changes to this bug.