Bug 442706 - fixfiles prints out 'broken pipe' error when selinux is disabled
fixfiles prints out 'broken pipe' error when selinux is disabled
Product: Fedora
Classification: Fedora
Component: glpi (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Remi Collet
Fedora Extras Quality Assurance
Depends On:
Blocks: F9Target
  Show dependency treegraph
Reported: 2008-04-16 07:26 EDT by Karsten Hopp
Modified: 2008-04-25 14:55 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-04-25 14:55:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Karsten Hopp 2008-04-16 07:26:19 EDT
Description of problem:
Several packages run fixfiles in their %post script and the script failes when
selinux is disabled, p.e.:
  Installier: glpi                         ################### [2891/6284]
semodule: SELinux policy is not managed or store cannot be accessed.
cut: Schreibfehler: Datenübergabe unterbrochen (broken pipe)

Version-Release number of selected component (if applicable):
Comment 1 Daniel Walsh 2008-04-22 17:13:39 EDT
The problem here is the glpi spec file is not checking if SELinux is installed.

It should be using 

semodule -s targeted glpi.pp

You don't need to install a Policy Package for this either.

semanage fcontext could be used.

/etc/glpi(/.*)?          root:object_r:httpd_sys_content_t:s0
/var/log/glpi(/.*)?   system_u:object_r:httpd_sys_content_t:s0
/var/lib/glpi(/.*)?   system_u:object_r:httpd_sys_content_t:s0

This would be better if you specified.

/etc/glpi(/.*)?       system_u:object_r:httpd_sys_content_t:s0
/var/log/glpi(/.*)?   system_u:object_r:httpd_sys_script_rw_t:s0
Do the php scripts actually read/write this directory or could you label it
/var/lib/glpi(/.*)?   system_u:object_r:httpd_sys_script_rw_t:s0
Comment 2 Remi Collet 2008-04-25 14:54:36 EDT
@daniel, thanks

Next release will use semanage fcontext.

Note You need to log in before you can comment on or make changes to this bug.