This service will be undergoing maintenance at 20:00 UTC, 2017-04-03. It is expected to last about 30 minutes
Bug 174301 - Targeted Policy Blocks Write Access to /etc/privoxy/user.action
Targeted Policy Blocks Write Access to /etc/privoxy/user.action
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2005-11-27 10:46 EST by Carsten Clasohm
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 1.27.1-2.15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-03-20 20:47:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Carsten Clasohm 2005-11-27 10:46:43 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
Privoxy allows users to customize its behaviour via the Web interface. Changes to the configuration are saved in /etc/privoxy/user.action. With the targeted SELinux policy, Privoxy is not allowed to write this file.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Enable the targeted SELinux policy in enforcing mode.
2. Start the privoxy service.
3. Configure your browser to use localhost 8118 as its HTTP proxy.
4. Go to
5. Add some URL pattern to the first action.

Actual Results:  Privoxy will report that it cannot modify /etc/privoxy/user.action, and /var/log/messages contains this message:

avc:  denied  { write } for  pid=30533 comm="privoxy" name="user.action" dev=dm-0 ino=197288 scontext=root:system_r:privoxy_t tcontext=root:object_r:etc_t tclass=file

Expected Results:  Privoxy should be allowed to modify /etc/privoxy/user.action.

Additional info:

To fix this, I added this to local.fc:

/etc/privoxy/user\.action   --	system_u:object_r:privoxy_rc_t

And this to local.te:

type privoxy_rc_t, file_type;
allow privoxy_t privoxy_rc_t:file { getattr read write };

This should be placed into the respective program files.
Comment 1 Daniel Walsh 2005-11-28 14:22:19 EST
Fixed in selinux-policy-targeted- 1.27.1-2.15

Note You need to log in before you can comment on or make changes to this bug.