[Bug 169247] Review request: rt3 - Request tracker 3

bugzilla at redhat.com bugzilla at redhat.com
Mon Oct 17 07:34:46 UTC 2005


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review request: rt3 - Request tracker 3


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169247





------- Additional Comments From paul at city-fan.org  2005-10-17 03:34 EST -------
(In reply to comment #16)
> (In reply to comment #14)
> 
> > The following lines added to file_contexts/program/apache.fc in the policy
> > sources should take care of both HTML::Mason and rt3
> > 
> > /var/cache/mason(/.*)?	system_u:object_r:httpd_cache_t
> > /var/cache/rt3(/.*)?	system_u:object_r:httpd_cache_t
> How can this be achieved inside of the rt3-rpm?

They could be added to a file in /etc/selinux/targeted/contexts/files. However,
that would be the wrong approach. The right approach is to get the policy
changed upstream, by raising a bug on selinux-policy-targeted or mentioning the
issue on fedora-selinux-list, as mentioned in the previous two comments.

> > I think we're all agreed that /var/cache/rt3 is a better option than
> > /var/lib/rt3, aren't we?
> Yes, but unless somebody tells me how to achieve this inside of an rpm, without
> having to modify on of the centralized SELinux packages I don't seem any
> perspective to do so.
> 
> AFAIK, the current SELinux implementation doesn't allow this, except of (may-be)
> running chcon inside of a %postin script directly.

I'm happy to handle the SELinux bug report and get it fixed, but I need to make
sure that I'm getting the right directories fixed. There's no point getting the
context of /var/cache/{mason,rt3} fixed if /var/lib/{mason,rt3} are being used
by the {mason,rt3} packages. So, are /var/cache/{mason,rt3} the directories that
are going to be used?

BTW, I believe FC5 will have a more modular approach where tweaks to policy like
this *can* be handled within the package.


-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.




More information about the fedora-extras-list mailing list