Bug 459415 - prelude domain modifications
prelude domain modifications
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-18 13:44 EDT by Dominick Grift
Modified: 2008-11-17 17:05 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-17 17:05:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dominick Grift 2008-08-18 13:44:56 EDT
Description of problem:
prelude domain policy requires policy.

Version-Release number of selected component (if applicable):
selinux-policy-3.5.1-4.fc10.noarch

optional_policy(`
apache_search_sys_content(httpd_prewikka_script_t)
corenet_tcp_connect_postgresql_port(httpd_prewikka_script_t)
files_search_tmp(httpd_prewikka_script_t)
')

corenet_tcp_connect_postgresql_port(prelude_t)
files_search_tmp(prelude_t)
Comment 1 Dominick Grift 2008-08-18 13:52:45 EDT
The optional policy block is wrong for corenetport... and file_search...
Comment 2 Dominick Grift 2008-08-18 13:54:25 EDT
By the way: snort module is still not installed. Can we have policy for snort?
Comment 3 Daniel Walsh 2008-08-20 07:27:37 EDT
Fixes are in selinux-policy-3.5.5-1.fc10.src.rpm
, including snort.  Which will be available as soon as Fedora Infrastructure is back up and running.

BTW, what is prelude searching for in /tmp?
Comment 4 Dominick Grift 2008-08-26 06:40:06 EDT
good question, i am not sure. ill keep an eye on that and lets you know if i figure it out.
Comment 5 Dominick Grift 2008-08-26 09:22:09 EDT
Well i went to #prelude and asked about it. Seems it has to do with the fact that the maintainer want prelude-manager to be able to run without user intervention.

It appears that there is a scenario where prelude-manager creates a socket in /tmp. Maybe if prelude manager is started by a user instead of root. Not really sure but i seems the maintainer prefers /tmp over /var/run for this.
Comment 6 Daniel Walsh 2008-08-29 12:45:57 EDT
Well the maintainer is wrong.  System processes should not be creating things in /tmp.  This is just asking for problems.

If a user can control a directory where a nother process is trying to create things, it is a recipe for mischief, to put it mildly.
Comment 7 Daniel Walsh 2008-11-17 17:05:34 EST
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.

Note You need to log in before you can comment on or make changes to this bug.