Bug 1183986 - graphite-web needs type "httpd_log_t" for files in "/var/log/graphite-web(/.*)?"
Summary: graphite-web needs type "httpd_log_t" for files in "/var/log/graphite-web(/.*)?"
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-01-20 11:18 UTC by Piotr Popieluch
Modified: 2015-06-11 21:39 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-06-11 21:39:42 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Piotr Popieluch 2015-01-20 11:18:24 UTC 
Description of problem:

Graphite default httpd config tries to write logfiles to /var/log/graphite-web(/.*)? which results in an avc denial. 

When I run:
semanage fcontext -a -t httpd_log_t '/var/log/graphite-web(/.*)?'
and 
restorecon -R /var/log/graphite-web
it works as expected


Version-Release number of selected component (if applicable):
graphite-web 0.9.12-8




Actual results:

type=AVC msg=audit(1421751412.731:3441): avc:  denied  { open } for  pid=3053 comm="httpd" path="/var/log/graphite-web/info.log" dev="dm-1" ino=1774573 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0


Expected results:


Additional info:


Please add httpd_log_t for /var/log/graphite-web(/.*)? to the selinux-policy on all active branches
Comment 1 Jaroslav Reznik 2015-03-03 16:44:37 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Note You need to log in before you can comment on or make changes to this bug.