Description of problem: when selinux is in enforcing mode, gallery2 fails to load browser output: =============== Error Error (ERROR_PLATFORM_FAILURE) : * in modules/core/classes/GalleryTemplate.class at line 270 (GalleryCoreApi::error) * in modules/core/classes/GalleryTemplate.class at line 200 (GalleryTemplate::_initCompiledTemplateDir) * in main.php at line 418 (GalleryTemplate::fetch) * in main.php at line 87 * in main.php at line 80 `tail -n0 -f /var/log/messages' prints Nov 10 07:32:50 hurt kernel: audit(1163161970.447:82): avc: denied { write } for pid=2703 comm="httpd" name="%%626616196" dev=dm-0 ino=4712981 scontext=system_u:system_r:httpd_t:s0 tcontext=root:object_r:usr_t:s0 tclass=dir Nov 10 07:32:50 hurt kernel: audit(1163161970.479:83): avc: denied { write } for pid=2703 comm="httpd" name="%%626616196" dev=dm-0 ino=4712981 scontext=system_u:system_r:httpd_t:s0 tcontext=root:object_r:usr_t:s0 tclass=dir Version-Release number of selected component (if applicable): [root@hurt ~]# yum list installed gallery2\* Loading "installonlyn" plugin Installed Packages gallery2.noarch 2.1-0.24.svn20060817.f installed gallery2-classic.noarch 2.1-0.24.svn20060817.f installed gallery2-comment.noarch 2.1-0.24.svn20060817.f installed gallery2-exif.noarch 2.1-0.24.svn20060817.f installed gallery2-imagemagick.noarch 2.1-0.24.svn20060817.f installed gallery2-matrix.noarch 2.1-0.24.svn20060817.f installed gallery2-thumbnail.noarch 2.1-0.24.svn20060817.f installed gallery2-uploadapplet.noarch 2.1-0.24.svn20060817.f installed seems like the problem is with caching templates: [root@hurt gallery2]# pwd /usr/share/gallery2 ### the default install dir [root@hurt gallery2]# find |grep '%%626616196' ./g2data/smarty/templates_c/%%626616196 ./g2data/smarty/templates_c/%%626616196/%%CD^CD7^CD714190%%SiteAdmin.tpl.php ./g2data/smarty/templates_c/%%626616196/%%BE^BEF^BEF33303%%NavigationLinks.tpl.php ./g2data/smarty/templates_c/%%626616196/%%55^55E^55E14245%%SystemLinks.tpl.php ./g2data/smarty/templates_c/%%626616196/%%34^345^345657B7%%AdminMaintenance.tpl.php ./g2data/smarty/templates_c/%%626616196/v_9 ./g2data/smarty/templates_c/%%626616196/%%FD^FD9^FD9328A6%%BreadCrumb.tpl.php ./g2data/smarty/templates_c/%%626616196/%%AD^AD2^AD2FDAE8%%progressbar.tpl.php ./g2data/smarty/templates_c/%%626616196/%%3A^3A8^3A818B59%%theme.tpl.php ./g2data/smarty/templates_c/%%626616196/%%54^54D^54D7A448%%admin.tpl.php I already tried clearing the cache and other adminstrative tasks that gallery2 offers, still with the same result How reproducible: always
Reassigning against Fedora Core selinux-policy - see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181599 comments 25 through 30 for a similar issue when package was first delivered. Need new context for /usr/share/gallery2 in selinux-policy package.
What directory is it trying to write? /usr/share/gallery2? If yes, I though this was changing since this breaks r/o /usr? Dan
Yes, it writes all kinds of data to /usr/share/gallery2/g2data (default install) including templates, image files, cache, locks etc. It would be nice if gallery2 put this data to /var/cache/gallery2. But I guess that's rather a big change. If the data dir should be different (I see that /srv/gallery2 exists and is owned by the gallery2 package) then the gallery2 web installed should offer this path by default.
Gallery install was fixed in that package