Bug 639511 - Smokeping not working on Fedora 13
Summary: Smokeping not working on Fedora 13
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 13
Hardware: x86_64
OS: Linux
Priority: low
Severity: high
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Reported: 2010-10-02 00:46 UTC by fedbugs
Modified: 2010-10-19 07:06 UTC (History)

Fixed In Version: selinux-policy-3.7.19-65.fc13
Last Closed: 2010-10-19 07:06:42 UTC

Description fedbugs 2010-10-02 00:46:53 UTC
Description of problem:

Smokeping is not displaying the target graphs when SELinux is in "Enforcing" mode. There is no problem when SELinux is set to "Permissive".

Version-Release number of selected component (if applicable):

smokeping-2.4.2-10.fc12.noarch (this could be a problem in itself as there is no fc13 build of this package available)

How reproducible:

Constantly.

Steps to Reproduce:
1. Enable httpd & smokeping daemons
2. Load "http://localhost/smokeping/sm.cgi" in browser (Firefox 3.6.10 in this instance)
3. Click on one of the smokeping targets under 'charts' in the menu sidebar
4. Error messages will be displayed in '/var/log/messages' & '/var/log/audit/audit.log'
  
Actual results:

No target charts (and associated information) displayed.

Expected results:

Target chart and associated information.

Additional info:

avc:  denied  { create } for  pid=1972 comm="smokeping.cgi" name="__chartscache" scontext=unconfined_u:system_r:httpd_smokeping_cgi_script_t:s0 tcontext=unconfined_u:object_r:smokeping_var_lib_t:s0 tclass=dir

avc:  denied  { read } for  pid=27651 comm="httpd" name="BBCNews_last_108000.png" dev=sdb2 ino=7350256 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:smokeping_var_lib_t:s0 tclass=file

localhost ~]# ls -alZ /usr/share/smokeping/cgi
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 .
drwxr-xr-x. root root system_u:object_r:usr_t:s0       ..
-rwxr-xr-x. root root system_u:object_r:httpd_smokeping_cgi_script_exec_t:s0 smokeping.cgi
-rwxr-xr-x. root root system_u:object_r:httpd_smokeping_cgi_script_exec_t:s0 tr.cgi
localhost ~]#

Comment 1 Daniel Walsh 2010-10-03 11:24:35 UTC
Miroslav, add

	smokeping_read_lib_files(httpd_t)

and

	manage_dirs_pattern(httpd_smokeping_cgi_script_t, smokeping_var_lib_t, smokeping_var_lib_t)
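
Added example (not part of the bug report or of selinux-policy): a small triage script that parses the two AVC denials quoted in the description and reduces them to the raw allow rules they correspond to, which makes the source domain of each denial (httpd_t versus httpd_smokeping_cgi_script_t) explicit. The function names are hypothetical, and the output is only the literal permissions denied, not the expansion of the policy macros named in Comment 1.

```python
import re
from collections import defaultdict

# The two denials quoted in the bug description, embedded so this runs offline.
SAMPLE_AVCS = [
    'avc:  denied  { create } for  pid=1972 comm="smokeping.cgi" name="__chartscache" '
    'scontext=unconfined_u:system_r:httpd_smokeping_cgi_script_t:s0 '
    'tcontext=unconfined_u:object_r:smokeping_var_lib_t:s0 tclass=dir',
    'avc:  denied  { read } for  pid=27651 comm="httpd" name="BBCNews_last_108000.png" '
    'dev=sdb2 ino=7350256 scontext=unconfined_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:smokeping_var_lib_t:s0 tclass=file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not usable."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None  # truncated record: not enough to name a rule
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; policy rules reference the type.
    for key, out in (('scontext', 'stype'), ('tcontext', 'ttype')):
        parts = rec[key].split(':')
        if len(parts) < 3:
            return None
        rec[out] = parts[2]
    return rec


def denials_to_rules(lines):
    """Merge denials by (source type, target type, class) into raw allow rules."""
    grouped = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            grouped[(rec['stype'], rec['ttype'], rec['tclass'])].update(rec['perms'])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(grouped.items())]


if __name__ == '__main__':
    print("\n".join(denials_to_rules(SAMPLE_AVCS)))
```
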

Comment 2 Dominick Grift 2010-10-03 15:38:39 UTC
Why would httpd_t need to read smokeping_var_lib_t files? Is this some inheritance issue?

Comment 3 Miroslav Grepl 2010-10-04 11:58:26 UTC
Looks like httpd reads /var/lib/smokeping/images/*.png files.

Comment 4 Dominick Grift 2010-10-04 16:12:45 UTC
But why httpd_t and not httpd_smokeping_cgi_script_t?

Comment 5 Miroslav Grepl 2010-10-05 14:58:55 UTC
Fixed in selinux-policy-3.7.19-64.fc13

Comment 6 Fedora Update System 2010-10-08 10:32:21 UTC
selinux-policy-3.7.19-65.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-65.fc13

Comment 7 Fedora Update System 2010-10-08 20:48:47 UTC
selinux-policy-3.7.19-65.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update selinux-policy'
You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-65.fc13

Comment 8 Fedora Update System 2010-10-19 07:05:39 UTC
selinux-policy-3.7.19-65.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

