Red Hat Bugzilla – Bug 848339
SELinux is preventing /usr/bin/perl from 'read' accesses on the file /var/lightsquid/20120801/.features.
Last modified: 2012-11-19 21:57:43 EST
libreport version: 2.0.10
time: Wednesday 15 August 2012 03:23:47 PM IST
description: Text file, 7231 bytes
Created attachment 604566 [details]
miroslav, I have added fixes for this in squid.* for Fedora 18.
lightsquid should really be using /var/lib/lightsquid or /var/cache/lightsquid, or /var/spool/lightsquid, depending on the content in the /var/lightsquid directory.
Created attachment 611395 [details]
I was just looking at this policy and i believe it needs to be rewritten (see my attached patch which is untested)
This app is basically a cron system entry that parses squid log and generates reports.
The lightsquid cgi webapp reads and displays the reports.
It is not a init daemon domain
/usr/sbin/logparser.pl can bin bin_t
/etc/cron.daily/lightsquid can be the entry point to the lightsquid domain
httpd_t doesnt have to read /var/lightsquid if you create a apache content template (lightsquid)
/var/lightsquid is not defined/labeled
Created attachment 611396 [details]
something went wrong. see attached patch
Created attachment 611400 [details]
lightsquid patch v1
Prveious patch had a small issue
We treat it with the squid policy.
do you think a new policy is really needed?
I don't think we should add a new domain for this. We have too many domains as it is.
selinux-policy-3.10.0-96.fc16 has been submitted as an update for Fedora 16.
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-96.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
selinux-policy-3.10.0-96.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.