Bugzilla [EPEL package] problem

Tony Molloy tony.molloy at ul.ie
Tue Jan 29 09:09:06 UTC 2008


On Monday 28 January 2008 15:48:18 Paul Howarth wrote:
> R P Herrold wrote:
> > On Mon, 28 Jan 2008, Tony Molloy wrote:
> >>> bug number, and which bugzilla Version, please; I am pretty
> >>> familiar with the code and packaging it, as I have done so
> >>> seperately from the EPEL effort for some time.
> >>
> >> https://bugzilla.redhat.com/show_bug.cgi?id=429879
> >
> > looks like some of the perl CGI scripts are not yet labelled properly to
> > co-exist with enforcing in this packaging -- at least index.cgi and
> > userprefs.cgi
> >
> > The candidates to label are found with:
> >     rpm -ql bugzilla | grep cgi
> > and we can see they are in:
> >     /usr/share/bugzilla/
>
> All should be labelled correctly:
>
> # semanage fcontext -l | grep bugzilla
> /var/lib/bugzilla(/.*)?                            all files
> system_u:object_r:httpd_bugzilla_script_rw_t:s0
> /usr/share/bugzilla(/.*)?                          directory
> system_u:object_r:httpd_bugzilla_content_t:s0
> /usr/share/bugzilla(/.*)?                          regular file
> system_u:object_r:httpd_bugzilla_script_exec_t:s0
>
> > The obvious short term workaround pending the update is to drop to
> > permissive, which may or may not work in your environment.

I could do that but I don't want to. I'm working on a test server and I want 
it to run all services with selinux set to enforcing. Then I can configure 
all our production servers corectly.


What I did was generate a local policy and install it.


Tony

>
> Or add local policy to allow httpd_bugzilla_script_t to handle POSTed
> data (which ends up as being httpd_tmp_t) properly, as mentioned on
> fedora-selinux-list.
>
> http://www.redhat.com/archives/fedora-selinux-list/2008-January/msg00146.ht
>ml
>
> Paul.
>
> _______________________________________________
> epel-devel-list mailing list
> epel-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/epel-devel-list





More information about the epel-devel-list mailing list