Bug 797086 - error and inaccuracy in description
Summary: error and inaccuracy in description
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot-plugins
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-24 08:43 UTC by Valentin Laskov
Modified: 2013-01-09 15:01 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-09 15:01:21 UTC
Type: ---


Attachments (Terms of Use)

Description Valentin Laskov 2012-02-24 08:43:31 UTC
Description of problem:
I'm translating this [1] to Bulgarian. There are mistakes in the flwng text, I think:
If httpd scripts should be allowed to write to public directories you need to turn on the $BOOLEAN boolean and change the file context of the public directory to public_content_rw_t. Read the httpd_selinux man page for further information: "setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t <path>" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t public_content_rw_t <path>"

In "...default file context files on the system in order to preserve them even on a full relabel." system must be directory and what is relabel ?


Additional info:
[1] third on the page
https://fedora.transifex.net/projects/p/setroubleshoot/resource/plugins/l/bg/view/

Comment 1 Valentin Laskov 2012-02-24 08:51:43 UTC
I learned what is relabel :)

Comment 2 Valentin Laskov 2012-02-24 11:47:58 UTC
There is a URL devided by NewLine and spaces in the 14-th:
The $SOURCE application attempted to load $TARGET_PATH which requires text relocation. This is a potential security problem. Most libraries should not need this permission. The <a href="http://people.redhat.com/drepper/selinux-mem.html"> SELinux Memory Protection Tests</a> web page explains this check. This tool examined the library and it looks like it was built correctly. So setroubleshoot can not determine if this application is compromized or not. This could be a serious issue. Your system may very well be compromised.

Contact your security administrator and report this issue.

Comment 3 Daniel Walsh 2012-02-24 19:22:14 UTC
Not sure what the problem is here?

Comment 4 Valentin Laskov 2012-02-27 07:28:04 UTC
In the first text: "You must also change the default file context files on the system ...", may be misunderstood as "the whole system" but not "in the (public) directory".
In the second text, URL is splitted on two lines and has spaces, and probably not be displayed correctly.
If you do not think so, please close this bug.

Comment 5 Daniel Walsh 2012-02-27 20:09:00 UTC
How about:

    You must also change the default file context labeling files on the system in order to preserve public directory labeling even on a full relabel.  "semanage fcontext -a -t public_content_rw_t <path>"


Note You need to log in before you can comment on or make changes to this bug.