Description of problem: The httpd process should be allowed write/search/read/etc/create- access within /var/cache/mod_proxy/ - this directory can be configured for disk caching. httpd will create subdirectories, delete subdirectories, create, read, write files within there.
Fixed in selinux-policy-targeted-1.17.30-2.146
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Created attachment 220351 [details] content from audit.log It needs additional configuration in policy ... # rpm -q selinux-policy-targeted selinux-policy-targeted-1.17.30-2.148.noarch
The directory is still mislabeled. restorecon -R -v /var/cache/mod_proxy should fix.
Yes, it fixes the problem. But it isn't good solution - the scriptlet in rpm package should reliably autorelabel filesystem to avoid a such situation ...
BTW rpm postinstall scriptlet contains bug: ... && fixfiles -l /dev/null -C /etc/s.... fixfiles for RHEL4 doesn't have switches -l and -C The bug apparently appears in case of missing or empty /etc/selinux/targeted/src/policy/Makefile
OOPS! `man fixfiles` should be updated for RHEL4. see https://bugzilla.redhat.com/show_bug.cgi?id=335441
So do we have a bug or not?
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0741.html