The ipsilon project would like to have the following embedded in the global SELinux policy. semanage fcontext -a -t httpd_var_lib_t '%{_sharedstatedir}/ipsilon(/.*)?' || : semanage fcontext -a -t var_lib_t '%{_sharedstatedir}/ipsilon(/.*)/*.conf' || :
Could someone please look into this? Ipsilon is an accepted change for Fedora 22: https://fedoraproject.org/wiki/Changes/Ipsilon
Hi Patrick, So, you need label /var/lib/ipsilon(/.*)? as httpd_var_lib_t and /var/lib/ipsilon(/.*)/*.conf as just var_lib_t?
Hi Lukas, That would be correct.
Hi Lukas, I see you didn't add this in the last change of March 23rd. Do you have any idea when you'll be able to get an updated package into Fedora (at least F22)?
Hi, any updates to this?
Please note that until this is fixed, this prevents running the Ipsilon provider as is installed by default. (Ipsilon is a feature for Fedora 22)
I think we could make new policy for ipsilon. I'll create some init policy, can you then send some scratch build for testing?
That would be better, but might be quite complex. Ipsilon is a mod_wsgi application that needs to be able to talk to at least: 1. Databases (possibly) 2. LDAP/Kerberos/IPA (possibly, optionally from Apache context) 3. SSSD (from Apache context) 4. Disk (configuration, possibly database(s) ) There are builds for Ipsilon-0.6.0 available in the Fedora repositories. Feel free to ask if you need more info.
Is there any progress on this? The update would need to go out by today or tomorrow to make it to F22 stable before final freeze.
I am adding fixes. Not sure if we can get in without blocker today?
commit 618dd71c16680441c3914416b3998f23d50cbd71 Author: Miroslav Grepl <mgrepl> Date: Tue May 12 16:53:21 2015 +0200 Add support for /var/lib/ipsilon dir and label it as httpd_var_lib_t. BZ(1186046)
selinux-policy-3.13.1-126.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-126.fc22
Package selinux-policy-3.13.1-126.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-126.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-8101/selinux-policy-3.13.1-126.fc22 then log in and leave karma (feedback).
selinux-policy-3.13.1-126.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.