[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges

bugzilla at redhat.com bugzilla at redhat.com
Tue May 19 02:17:57 UTC 2009


https://bugzilla.redhat.com/show_bug.cgi?id=501228





--- Comment #3 from KaiGai Kohei <kaigai at kaigai.gr.jp>  2009-05-18 22:17:56 EDT ---
Jochen, thanks for your detailed review.

I uploaded the revised Spec and SRPM at:
 Spec URL: http://sepgsql.googlecode.com/files/mod_selinux.spec_v2.2.1904
 SRPM URL:
http://sepgsql.googlecode.com/files/mod_selinux-2.2.1904-1.fc11.src.rpm

(In reply to comment #2)
> - Package fails on koji (please see:
> http://koji.fedoraproject.org/koji/taskinfo?taskID=1361107)
>   This happens only for 64-bit architectures

Its Makefile assumed that an external file provided by httpd-devel is deployed at
/usr/lib/httpd/build/special.mk, but it was at /usr/lib64/httpd/build/special.mk
on x86_64 and ppc64.

So, I updated it as follows:

- top_srcdir=/etc/httpd  
- top_builddir=/usr/lib/httpd  
- include /usr/lib/httpd/build/special.mk
+ top_srcdir=/etc/httpd
+ top_builddir=$(shell $(APXS) -q libdir)/httpd
+ include $(top_builddir)/build/special.mk
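
Review bot: `$(APXS)` on the new `top_builddir` line has no definition in the lines shown, so if it is unset the `$(shell ...)` call returns nothing, `top_builddir` collapses to `/httpd`, and the `include` fails with a misleading path. Consider adding a default such as `APXS ?= /usr/sbin/apxs` above this line so the build still works when the variable is not passed in. A second, smaller point on the same line: with `=` the `$(shell ...)` is re-run on every expansion of `top_builddir`; `top_builddir := $(shell $(APXS) -q libdir)/httpd` evaluates it once.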

The /usr/sbin/apxs (provided by httpd-devel) can return a correct path for the
target environment, so the Makefile now becomes portable.

at x86_64:
  [kaigai at masu ~]$ /usr/sbin/apxs -q libdir
  /usr/lib64

at i386:
  [kaigai at saba ~]$ /usr/sbin/apxs -q libdir
  /usr/lib

> - Package could not build locally on F-10 because of dependencies

Yes, this package uses a new feature in linux-2.6.28 that will be available in F-11.

mod_selinux switches the security context on the worker thread to handle
an HTTP request prior to invocation of the content handler.
But it was not available in linux-2.6.27 or older.

Fortunately, it was summarized on SELinux-ML yesterday:
  http://marc.info/?l=selinux&m=124265539924989&w=2

More information about the Fedora-package-review mailing list