[Bug 169247] Review request: rt3 - Request tracker 3
bugzilla at redhat.com
bugzilla at redhat.com
Mon Oct 17 07:34:46 UTC 2005
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review request: rt3 - Request tracker 3
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169247
------- Additional Comments From paul at city-fan.org 2005-10-17 03:34 EST -------
(In reply to comment #16)
> (In reply to comment #14)
>
> > The following lines added to file_contexts/program/apache.fc in the policy
> > sources should take care of both HTML::Mason and rt3
> >
> > /var/cache/mason(/.*)? system_u:object_r:httpd_cache_t
> > /var/cache/rt3(/.*)? system_u:object_r:httpd_cache_t
> How can this be achieved inside of the rt3-rpm?
They could be added to a file in /etc/selinux/targeted/contexts/files. However,
that would be the wrong approach. The right approach is to get the policy
changed upstream, by raising a bug on selinux-policy-targeted or mentioning the
issue on fedora-selinux-list, as mentioned in the previous two comments.
> > I think we're all agreed that /var/cache/rt3 is a better option than
> > /var/lib/rt3, aren't we?
> Yes, but unless somebody tells me how to achieve this inside of an rpm, without
> having to modify on of the centralized SELinux packages I don't seem any
> perspective to do so.
>
> AFAIK, the current SELinux implementation doesn't allow this, except of (may-be)
> running chcon inside of a %postin script directly.
I'm happy to handle the SELinux bug report and get it fixed, but I need to make
sure that I'm getting the right directories fixed. There's no point getting the
context of /var/cache/{mason,rt3} fixed if /var/lib/{mason,rt3} are being used
by the {mason,rt3} packages. So, are /var/cache/{mason,rt3} the directories that
are going to be used?
BTW, I believe FC5 will have a more modular approach where tweaks to policy like
this *can* be handled within the package.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the fedora-extras-list
mailing list