Bug 150292 - Generates errors on SELinux targeted policy
Summary: Generates errors on SELinux targeted policy
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: php-mmcache   
(Show other bugs)
Version: 3
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Matthias Saou
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-03-04 10:48 UTC by Karl Vogel
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-12-20 14:01:36 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Karl Vogel 2005-03-04 10:48:30 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1

Description of problem:
When running SELinux targeted policy (selinux-policy-targeted-1.17.30-2.83.noarch.rpm)

MMCache generates errors as it can't write to the cache directory.

Labeling the /var/cache/php-mmcache directory as httpd_cache_t solves the issue.

# chcon -R system_u:object_r:httpd_cache_t php-mmcache


Version-Release number of selected component (if applicable):
php-mmcache-4.3.10_2.4.6-5

How reproducible:
Always

Steps to Reproduce:
1. install SELinux targeted policy
2. setenforce 1 to enable SELinux
3. surf to php-mmcache'd pages
  

Actual Results:  Following SELinux errors are logged:

audit(1109931714.387:0): avc:  denied  { write } for  pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir
audit(1109931714.700:0): avc:  denied  { write } for  pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir
audit(1109931714.748:0): avc:  denied  { write } for  pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir
audit(1109931715.302:0): avc:  denied  { write } for  pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir



Expected Results:  No errors.

Additional info:

Comment 1 Matthias Saou 2005-04-07 19:45:30 UTC
Since I haven't played a lot with selinux yet, I don't know if it is possible to
have files labeled automatically when packages are installed, or if this needs
to be all known ahead of time inside the policy chosen.
Do you have any insight on this? It would definitely be very welcome. I also
really need to force myself to use SELinux on more systems.

Comment 2 Matthias Saou 2005-12-20 14:01:36 UTC
This should be solved already. See bug #164866 for more details.


Note You need to log in before you can comment on or make changes to this bug.