[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Bugzilla [EPEL package] problem



R P Herrold wrote:
On Mon, 28 Jan 2008, Tony Molloy wrote:

bug number, and which bugzilla Version, please; I am pretty
familiar with the code and packaging it, as I have done so
seperately from the EPEL effort for some time.

https://bugzilla.redhat.com/show_bug.cgi?id=429879

looks like some of the perl CGI scripts are not yet labelled properly to co-exist with enforcing in this packaging -- at least index.cgi and userprefs.cgi

The candidates to label are found with:
    rpm -ql bugzilla | grep cgi
and we can see they are in:
    /usr/share/bugzilla/

All should be labelled correctly:

# semanage fcontext -l | grep bugzilla
/var/lib/bugzilla(/.*)? all files system_u:object_r:httpd_bugzilla_script_rw_t:s0 /usr/share/bugzilla(/.*)? directory system_u:object_r:httpd_bugzilla_content_t:s0 /usr/share/bugzilla(/.*)? regular file system_u:object_r:httpd_bugzilla_script_exec_t:s0

The obvious short term workaround pending the update is to drop to permissive, which may or may not work in your environment.

Or add local policy to allow httpd_bugzilla_script_t to handle POSTed data (which ends up as being httpd_tmp_t) properly, as mentioned on fedora-selinux-list.

http://www.redhat.com/archives/fedora-selinux-list/2008-January/msg00146.html

Paul.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]