Bug 150292 - Generates errors on SELinux targeted policy
Generates errors on SELinux targeted policy
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: php-mmcache (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Matthias Saou
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-04 05:48 EST by Karl Vogel
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-12-20 09:01:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Karl Vogel 2005-03-04 05:48:30 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1

Description of problem:
When running SELinux targeted policy (selinux-policy-targeted-1.17.30-2.83.noarch.rpm)

MMCache generates errors as it can't write to the cache directory.

Labeling the /var/cache/php-mmcache directory as httpd_cache_t solves the issue.

# chcon -R system_u:object_r:httpd_cache_t php-mmcache


Version-Release number of selected component (if applicable):
php-mmcache-4.3.10_2.4.6-5

How reproducible:
Always

Steps to Reproduce:
1. install SELinux targeted policy
2. setenforce 1 to enable SELinux
3. surf to php-mmcache'd pages
  

Actual Results:  Following SELinux errors are logged:

audit(1109931714.387:0): avc:  denied  { write } for  pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir
audit(1109931714.700:0): avc:  denied  { write } for  pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir
audit(1109931714.748:0): avc:  denied  { write } for  pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir
audit(1109931715.302:0): avc:  denied  { write } for  pid=12884 exe=/usr/sbin/httpd name=php-mmcache dev=dm-3 ino=161232 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir



Expected Results:  No errors.

Additional info:
Comment 1 Matthias Saou 2005-04-07 15:45:30 EDT
Since I haven't played a lot with selinux yet, I don't know if it is possible to
have files labeled automatically when packages are installed, or if this needs
to be all known ahead of time inside the policy chosen.
Do you have any insight on this? It would definitely be very welcome. I also
really need to force myself to use SELinux on more systems.
Comment 2 Matthias Saou 2005-12-20 09:01:36 EST
This should be solved already. See bug #164866 for more details.

Note You need to log in before you can comment on or make changes to this bug.