Bugzilla [EPEL package] problem
Paul Howarth
paul at city-fan.org
Mon Jan 28 15:48:18 UTC 2008
R P Herrold wrote:
> On Mon, 28 Jan 2008, Tony Molloy wrote:
>
>>> bug number, and which bugzilla Version, please; I am pretty
>>> familiar with the code and packaging it, as I have done so
>>> seperately from the EPEL effort for some time.
>
>> https://bugzilla.redhat.com/show_bug.cgi?id=429879
>
> looks like some of the perl CGI scripts are not yet labelled properly to
> co-exist with enforcing in this packaging -- at least index.cgi and
> userprefs.cgi
>
> The candidates to label are found with:
> rpm -ql bugzilla | grep cgi
> and we can see they are in:
> /usr/share/bugzilla/
All should be labelled correctly:
# semanage fcontext -l | grep bugzilla
/var/lib/bugzilla(/.*)? all files
system_u:object_r:httpd_bugzilla_script_rw_t:s0
/usr/share/bugzilla(/.*)? directory
system_u:object_r:httpd_bugzilla_content_t:s0
/usr/share/bugzilla(/.*)? regular file
system_u:object_r:httpd_bugzilla_script_exec_t:s0
> The obvious short term workaround pending the update is to drop to
> permissive, which may or may not work in your environment.
Or add local policy to allow httpd_bugzilla_script_t to handle POSTed
data (which ends up as being httpd_tmp_t) properly, as mentioned on
fedora-selinux-list.
http://www.redhat.com/archives/fedora-selinux-list/2008-January/msg00146.html
Paul.
More information about the epel-devel-list
mailing list