Bug 174301 - Targeted Policy Blocks Write Access to /etc/privoxy/user.action
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Daniel Walsh
Reported: 2005-11-27 10:46 EST by Carsten Clasohm
Modified: 2007-11-30 17:11 EST (History)
Fixed In Version: 1.27.1-2.15
Doc Type: Bug Fix
Last Closed: 2006-03-20 20:47:43 EST

Description Carsten Clasohm 2005-11-27 10:46:43 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
Privoxy allows users to customize its behaviour via the Web interface. Changes to the configuration are saved in /etc/privoxy/user.action. With the targeted SELinux policy, Privoxy is not allowed to write this file.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Enable the targeted SELinux policy in enforcing mode.
2. Start the privoxy service.
3. Configure your browser to use localhost 8118 as its HTTP proxy.
4. Go to http://config.privoxy.org/edit-actions-list?f=user
5. Add some URL pattern to the first action.

Actual Results:  Privoxy will report that it cannot modify /etc/privoxy/user.action, and /var/log/messages contains this message:

avc:  denied  { write } for  pid=30533 comm="privoxy" name="user.action" dev=dm-0 ino=197288 scontext=root:system_r:privoxy_t tcontext=root:object_r:etc_t tclass=file

Expected Results:  Privoxy should be allowed to modify /etc/privoxy/user.action.

Additional info:

To fix this, I added this to local.fc:

/etc/privoxy/user\.action   --	system_u:object_r:privoxy_rc_t

And this to local.te:

type privoxy_rc_t, file_type;
allow privoxy_t privoxy_rc_t:file { getattr read write };

This should be placed into the respective program files.
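
An added example, not part of the original report or of the SELinux policy sources: a small Python parser for the AVC denial quoted above that derives the rule a literal reading of the denial would produce, and flags that its target is a general-purpose type. The function names and the SHARED_TYPES list are assumptions made for illustration.

```python
import re

# AVC denial copied verbatim from the report above.
AVC = ('avc:  denied  { write } for  pid=30533 comm="privoxy" '
       'name="user.action" dev=dm-0 ino=197288 '
       'scontext=root:system_r:privoxy_t tcontext=root:object_r:etc_t '
       'tclass=file')

# Assumption for illustration: a few general-purpose file types that label
# many unrelated files, so write access to them is broad.
SHARED_TYPES = {'etc_t', 'usr_t', 'var_t', 'tmp_t'}

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one AVC denial; return a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type, optionally followed by an MLS level.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def literal_allow(rec):
    """Rule that silences the denial as logged, without relabelling."""
    perms = ' '.join(rec['perms'])
    if len(rec['perms']) > 1:
        perms = '{ %s }' % perms
    return 'allow %s %s:%s %s;' % (
        rec['source_type'], rec['target_type'], rec['tclass'], perms)


def targets_shared_type(rec):
    """True when the literal rule would apply to a general-purpose type."""
    return rec['target_type'] in SHARED_TYPES


if __name__ == '__main__':
    rec = parse_avc(AVC)
    print(literal_allow(rec))
    if targets_shared_type(rec):
        print('# %s labels many files; give %s its own type instead'
              % (rec['target_type'], rec['name']))
```

The literal rule would let privoxy_t write every file labelled etc_t, whereas the local.fc and local.te entries in the report confine write access to the one file relabelled privoxy_rc_t.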
Comment 1 Daniel Walsh 2005-11-28 14:22:19 EST
Fixed in selinux-policy-targeted-1.27.1-2.15