Description of problem:
When I install bugzilla from epel-5 on CentOS-5 I get the following AVC denied message.

Version-Release number of selected component (if applicable):
bugzilla-3.0.2-0.el5

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:
From setroubleshoot

Summary
SELinux prevented httpd reading and writing access to http files.

Detailed Description
SELinux prevented httpd reading and writing access to http files. Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, This requires explicit labeling of all files. If a file is a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order to be executed. If it is read only content, it needs to be labeled httpd_TYPE_content_t, it is writable content. it needs to be labeled httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the chcon command to change these context. Please refer to the man page "man httpd_selinux" or http://fedora.redhat.com/docs/selinux-apache-fc3 "TYPE" refers toi one of "sys", "user" or "staff" or potentially other script types.

Allowing Access
Changing the "httpd_unified" boolean to true will allow this access: "setsebool -P httpd_unified=1"
The following command will allow this access:
setsebool -P httpd_unified=1

Additional Information
Source Context         root:system_r:httpd_bugzilla_script_t
Target Context         root:object_r:httpd_tmp_t
Target Objects         /tmp/.NSPR-AFM-6806-97520c8.0 (deleted) [ file ]
Affected RPM Packages
Policy RPM             selinux-policy-2.4.6-106.el5_1.3
Selinux Enabled        True
Policy Type            targeted
MLS Enabled            True
Enforcing Mode         Enforcing
Plugin Name            plugins.httpd_unified
Host Name              richmond.csis.ul.ie
Platform               Linux richmond.csis.ul.ie 2.6.18-53.1.4.el5 #1 SMP Fri Nov 30 00:45:16 EST 2007 i686 i686
Alert Count            21

Raw Audit Messages
avc: denied { read, write } for comm="index.cgi" dev=sda6 egid=48 euid=48 exe="/usr/bin/perl" exit=0 fsgid=48 fsuid=48 gid=48 items=0 path=2F746D702F2E4E5350522D41464D2D363830362D393735323063382E30202864656C6574656429 pid=12090 scontext=root:system_r:httpd_bugzilla_script_t:s0 sgid=48 subj=root:system_r:httpd_bugzilla_script_t:s0 suid=48 tclass=file tcontext=root:object_r:httpd_tmp_t:s0 tty=(none) uid=48

Expected results:

Additional info:
I get a couple of other AVC messages but all seem to refer to the /tmp directory. For instance

Raw Audit Messages
avc: denied { read, write } for comm="userprefs.cgi" dev=sda6 egid=48 euid=48 exe="/usr/bin/perl" exit=0 fsgid=48 fsuid=48 gid=48 items=0 path=2F746D702F2E4E5350522D41464D2D363830362D393735323063382E30202864656C6574656429 pid=12961 scontext=root:system_r:httpd_bugzilla_script_t:s0 sgid=48 subj=root:system_r:httpd_bugzilla_script_t:s0 suid=48 tclass=file tcontext=root:object_r:httpd_tmp_t:s0 tty=(none) uid=48
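Added example, not part of the original report: a small Python triage helper that decodes the hex-encoded path= value in the two raw audit messages above and groups denials by source type, target type, class and permissions, showing that both CGI scripts hit the same rule on the same deleted /tmp file. The function names are hypothetical, and the sample lines are constructed from the report, trimmed to the fields used, with the path value written as one string.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials from the report, trimmed to the fields used here.
HEX_PATH = "2F746D702F2E4E5350522D41464D2D363830362D393735323063382E30202864656C6574656429"
SAMPLE = [
    'avc: denied { read, write } for comm="index.cgi" exe="/usr/bin/perl" '
    f'path={HEX_PATH} pid=12090 scontext=root:system_r:httpd_bugzilla_script_t:s0 '
    'tclass=file tcontext=root:object_r:httpd_tmp_t:s0',
    'avc: denied { read, write } for comm="userprefs.cgi" exe="/usr/bin/perl" '
    f'path={HEX_PATH} pid=12961 scontext=root:system_r:httpd_bugzilla_script_t:s0 '
    'tclass=file tcontext=root:object_r:httpd_tmp_t:s0',
]

PERMS_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_path(value):
    """Quoted values are literal; audit hex-encodes values containing spaces."""
    if value.startswith('"'):
        return value.strip('"')
    if len(value) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', value):
        return bytes.fromhex(value).decode('utf-8', errors='replace')
    return value  # e.g. "(null)" or an empty field

def parse_avc(line):
    """Return the fields needed for triage, or None if the line is not a usable denial."""
    m = PERMS_RE.search(line)
    fields = dict(FIELD_RE.findall(line))
    if not m or 'scontext' not in fields or 'tcontext' not in fields:
        return None
    return {
        'perms': tuple(sorted(p for p in re.split(r'[,\s]+', m.group(1)) if p)),
        'comm': fields.get('comm', '').strip('"'),
        'path': decode_path(fields.get('path', '')),
        # SELinux context layout is user:role:type[:level]; the type drives the decision.
        'source_type': fields['scontext'].split(':')[2],
        'target_type': fields['tcontext'].split(':')[2],
        'tclass': fields.get('tclass'),
    }

def group_denials(lines):
    """Group denials by (source type, target type, class, perms)."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse_avc, lines)):
        key = (rec['source_type'], rec['target_type'], rec['tclass'], rec['perms'])
        groups[key].append((rec['comm'], rec['path']))
    return dict(groups)

if __name__ == "__main__":
    for key, hits in group_denials(SAMPLE).items():
        print(key, hits)
```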
Hi, do you still have these problems? Can you give more details?
That bug was reported 18 months ago. I've done several upgrades since then and sorted out the problem with the help of Daniel Walshe.
I am sorry. If you have more problems, please open a new bug and I will try to help.
No problem. I have the latest Bugzilla working now with CentOS 5.3. It was just a matter of setting the right contexts for the files.