Bug 214979 - gallery2 does not work with selinux in enforcing mode correctly
gallery2 does not work with selinux in enforcing mode correctly
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-10 08:25 EST by David Kovalsky
Modified: 2014-03-31 19:44 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-11 17:21:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Kovalsky 2006-11-10 08:25:43 EST
Description of problem:
when selinux is in enforcing mode, gallery2 fails to load

browser output:
===============
Error
Error (ERROR_PLATFORM_FAILURE) :

    * in modules/core/classes/GalleryTemplate.class at line 270
(GalleryCoreApi::error)
    * in modules/core/classes/GalleryTemplate.class at line 200
(GalleryTemplate::_initCompiledTemplateDir)
    * in main.php at line 418 (GalleryTemplate::fetch)
    * in main.php at line 87
    * in main.php at line 80

`tail -n0 -f /var/log/messages' prints
Nov 10 07:32:50 hurt kernel: audit(1163161970.447:82): avc:  denied  { write }
for  pid=2703 comm="httpd" name="%%626616196" dev=dm-0 ino=4712981
scontext=system_u:system_r:httpd_t:s0 tcontext=root:object_r:usr_t:s0 tclass=dir
Nov 10 07:32:50 hurt kernel: audit(1163161970.479:83): avc:  denied  { write }
for  pid=2703 comm="httpd" name="%%626616196" dev=dm-0 ino=4712981
scontext=system_u:system_r:httpd_t:s0 tcontext=root:object_r:usr_t:s0 tclass=dir



Version-Release number of selected component (if applicable):
[root@hurt ~]# yum list installed gallery2\*
Loading "installonlyn" plugin
Installed Packages
gallery2.noarch                          2.1-0.24.svn20060817.f installed       
gallery2-classic.noarch                  2.1-0.24.svn20060817.f installed       
gallery2-comment.noarch                  2.1-0.24.svn20060817.f installed       
gallery2-exif.noarch                     2.1-0.24.svn20060817.f installed       
gallery2-imagemagick.noarch              2.1-0.24.svn20060817.f installed       
gallery2-matrix.noarch                   2.1-0.24.svn20060817.f installed       
gallery2-thumbnail.noarch                2.1-0.24.svn20060817.f installed       
gallery2-uploadapplet.noarch             2.1-0.24.svn20060817.f installed       



seems like the problem is with caching templates:
[root@hurt gallery2]# pwd
/usr/share/gallery2   ### the default install dir
[root@hurt gallery2]# find |grep '%%626616196' 
./g2data/smarty/templates_c/%%626616196
./g2data/smarty/templates_c/%%626616196/%%CD^CD7^CD714190%%SiteAdmin.tpl.php
./g2data/smarty/templates_c/%%626616196/%%BE^BEF^BEF33303%%NavigationLinks.tpl.php
./g2data/smarty/templates_c/%%626616196/%%55^55E^55E14245%%SystemLinks.tpl.php
./g2data/smarty/templates_c/%%626616196/%%34^345^345657B7%%AdminMaintenance.tpl.php
./g2data/smarty/templates_c/%%626616196/v_9
./g2data/smarty/templates_c/%%626616196/%%FD^FD9^FD9328A6%%BreadCrumb.tpl.php
./g2data/smarty/templates_c/%%626616196/%%AD^AD2^AD2FDAE8%%progressbar.tpl.php
./g2data/smarty/templates_c/%%626616196/%%3A^3A8^3A818B59%%theme.tpl.php
./g2data/smarty/templates_c/%%626616196/%%54^54D^54D7A448%%admin.tpl.php


I already tried clearing the cache and other adminstrative tasks that gallery2
offers, still with the same result

How reproducible:
always
Comment 1 John Berninger 2006-12-03 13:42:24 EST
Reassigning against Fedora Core selinux-policy - see
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181599 comments 25 through
30 for a similar issue when package was first delivered.

Need new context for /usr/share/gallery2 in selinux-policy package.
Comment 2 Daniel Walsh 2006-12-04 11:01:19 EST
What directory is it trying to write?  /usr/share/gallery2?  If yes, I though
this was changing since this breaks r/o /usr?

Dan
Comment 3 David Kovalsky 2006-12-04 12:38:37 EST
Yes, 
it writes all kinds of data to /usr/share/gallery2/g2data (default install)
including templates, image files, cache, locks etc. It would be nice if gallery2
put this data to /var/cache/gallery2. But I guess that's rather a big change. 

If the data dir should be different (I see that /srv/gallery2 exists and is
owned by the gallery2 package) then the gallery2 web installed should offer this
path by default. 
Comment 4 Daniel Walsh 2007-01-11 17:21:40 EST
Gallery install was fixed in that package

Note You need to log in before you can comment on or make changes to this bug.