797086 – error and inaccuracy in description

Bug 797086 - error and inaccuracy in description

Summary: error and inaccuracy in description

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	setroubleshoot-plugins
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-02-24 08:43 UTC by Valentin Laskov
Modified:	2013-01-09 15:01 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-01-09 15:01:21 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Valentin Laskov 2012-02-24 08:43:31 UTC

Description of problem:
I'm translating this [1] to Bulgarian. There are mistakes in the flwng text, I think:
If httpd scripts should be allowed to write to public directories you need to turn on the $BOOLEAN boolean and change the file context of the public directory to public_content_rw_t. Read the httpd_selinux man page for further information: "setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t <path>" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t public_content_rw_t <path>"

In "...default file context files on the system in order to preserve them even on a full relabel." system must be directory and what is relabel ?


Additional info:
[1] third on the page
https://fedora.transifex.net/projects/p/setroubleshoot/resource/plugins/l/bg/view/

Comment 1 Valentin Laskov 2012-02-24 08:51:43 UTC

I learned what is relabel :)

Comment 2 Valentin Laskov 2012-02-24 11:47:58 UTC

There is a URL devided by NewLine and spaces in the 14-th:
The $SOURCE application attempted to load $TARGET_PATH which requires text relocation. This is a potential security problem. Most libraries should not need this permission. The <a href="http://people.redhat.com/drepper/selinux-mem.html"> SELinux Memory Protection Tests</a> web page explains this check. This tool examined the library and it looks like it was built correctly. So setroubleshoot can not determine if this application is compromized or not. This could be a serious issue. Your system may very well be compromised.

Contact your security administrator and report this issue.

Comment 3 Daniel Walsh 2012-02-24 19:22:14 UTC

Not sure what the problem is here?

Comment 4 Valentin Laskov 2012-02-27 07:28:04 UTC

In the first text: "You must also change the default file context files on the system ...", may be misunderstood as "the whole system" but not "in the (public) directory".
In the second text, URL is splitted on two lines and has spaces, and probably not be displayed correctly.
If you do not think so, please close this bug.

Comment 5 Daniel Walsh 2012-02-27 20:09:00 UTC

How about:

    You must also change the default file context labeling files on the system in order to preserve public directory labeling even on a full relabel.  "semanage fcontext -a -t public_content_rw_t <path>"

Note You need to log in before you can comment on or make changes to this bug.